Fortune 500 parts supplier breached
Summary
Visser Precision, a parts supplier to automotive, defense, and aeronautics companies, reported a data theft incident, according to a Tech Crunch article.
According to the article, security researchers claim the Colorado-based company was the victim of DoppelPaymer ransomware, the same ransomware used in an attack on Mexico’s oil/gas giant Pemex.
Tech Crunch lists Tesla, SpaceX, Lockheed Martin, and Boeing among the Visser customers that had files stolen and posted to a website for download.
Report
Analysis
Fortune 500 companies are only as secure as the weakest link in the supply chain. The financial risks are numerous. In the case of this incident, it is possible that valuable IP was exposed, potentially jeopardizing a valuable piece of technology. Smaller suppliers that provide critical parts could be disrupted and create a ripple effect across the customer supply chain, causing a financially damaging operational disruption in the process.
As large, public companies increasingly consider their cyber governance performance, it is equally important to understand the cyber governance performance of the supply chain—particularly when a supplier’s operational disruption could become the publicly held customer’s disruption and a problem for shareholders.