Third Party Security Failure Caused 1 TB Data Breach at Saudi Aramco; Hackers Play Puzzle Games With Oil Giant

CPO Magazine
By Scott Ikeda for CPO Magazine
Tuesday, July 27, 2021

Though Saudi Aramco says that its normal operations were not negatively affected by the data breach, a third party security vulnerability is something they have little control over beyond terminating their arrangement with the vendor and finding a new one.

According to Ilia Kolochenko, Founder/CEO and Chief Architect of ImmuniWeb, this highlights the need for comprehensive programs that can manage the third party security risk created by dealing with potentially hundreds to thousands of contractors: “Aramco’s statement saying that the data comes from a third-party contractor highlights the importance and urgency to implement a holistic Third-Party Risk Management (TPRM) program to prevent supply chain attacks. Furthermore, a growing number of legislation including the UK and EU GDPR, state and federal laws in the US and emerging privacy laws in Brazil or South Africa now make companies liable for their breached suppliers. Given that some of the compromised data allegedly comes from 1993, it is not impossible that the data comes from several breached suppliers as well as from Aramco networks directly. Oftentimes, suppliers have privileged and virtually uncontrolled access to corporate resources on-premises and in the cloud, both of which are low-hanging fruit for shrewd cybercriminals. Many modern cyber gangs focus solely on hacking technology vendors to pivot to their customers in a simple, inexpensive and effortless manner.”