HackerOne slams supplier for delayed breach notice after staff data exposed

Summary

Bug bounty platform HackerOne has revealed a data breach affecting nearly 300 of its employees. The breach occurred at Navia, a third-party benefits provider used by HackerOne, and HackerOne is criticizing Navia for a significant delay in notifying affected individuals.

IFF Assessment

FOE

This is bad news for defenders as it highlights a supply chain vulnerability and delayed incident response, increasing the potential impact of the breach.

Defender Context

This incident underscores the critical importance of robust third-party risk management and the potential for breaches to cascade through supply chains. Defenders should ensure their vendors have strong security postures and timely incident response capabilities, and be prepared to handle the fallout from vendor breaches.
