EXTEND Resources

04/10/2026

The FBI’s classification of this intrusion as a “major incident” may involve a government system, but the lessons reach well beyond government.

The article reports that access appeared to come through a commercial ISP’s vendor infrastructure. For private-sector security leaders, that raises important questions about third-party access, sensitive operational data, system segmentation, and incident escalation.

This federal cybersecurity story is also a reminder that vendor exposure and governance gaps can create serious consequences in any organization with high-value systems and sensitive data.

https://bit.ly/4mb8NxE

The Federal Bureau of Investigation (FBI) communicated to Congress that a recent cyber intrusion into one of its internal surveillance systems has formally been classified as a "major incident" under federal data security law. This cybersecurity incident represents one of the most serious breach cla...

04/07/2026

A reported breach at AI training startup Mercor led Meta to pause its work with the company while the incident is investigated. For executives, boards, and risk leaders, this story is a reminder that third-party risk, supply chain exposure, and AI governance are closely connected.

When a vendor incident surfaces, the question is not only what happened—it is also how quickly leadership can assess exposure, respond, and communicate clearly. https://bit.ly/3Qmgh56

Mercor confirmed to Business Insider on Friday that the company had experienced a security breach.

03/31/2026

OpenLoop Health has disclosed a major data breach after an unauthorized third party accessed systems and copied files containing sensitive data, including medical information. While Social Security numbers were reportedly not accessed, the total number of affected individuals has not yet been publicly disclosed. For executives and boards, this is a reminder that breach response depends on more than containment. How are you evaluating privacy, legal, and operational exposure? https://bit.ly/4bA2ct5

A major data breach has been reported by the telehealth platform provider OpenLoop Health Inc. While the total number of affected individuals has yet to A major data breach has been reported by the telehealth platform provider OpenLoop Health Inc. The total number of affected individuals has yet to....

03/30/2026

A cyberattack at Stryker has now led to multiple lawsuits, raising concerns about how sensitive personal information was protected, how long the threat may have gone undetected, and whether safeguards were strong enough. For executives and boards, this is a reminder that breach response starts long before an incident is discovered. What risk signals are you monitoring today? https://bit.ly/4lW6yyi

A cyberattack at Stryker has sparked multiple lawsuits, which include a current employee, alleging the company failed to adequately protect sensitive data.

03/26/2026

Another major benefits administrator data breach is in the headlines, this time impacting millions of individuals. For leaders, this isn’t just “an IT problem”—it’s a governance, vendor risk, and resilience problem. How confident are you that your benefits ecosystem and other third parties align with your organization’s cyber risk appetite? https://bit.ly/4dcGjkY

A data breach at the Washington-based benefits administrator Navia Benefit Solutions has exposed the sensitive personal information of nearly 2.7 million individuals.

03/19/2026

When a ransomware attack exposes personal and financial data for more than 672,000 people, it’s a reminder that data handling, incident response, and third-party visibility all shape business risk. Which area gets the least executive attention in your organization today?

https://tcrn.ch/3PhIcmr

Fintech company Marquis is notifying hundreds of thousands of people that hackers stole their personal and financial information, including their Social Security numbers.

03/17/2026

When a business process outsourcer like TELUS Digital reports being targeted by a cyberattack group such as ShinyHunters, it’s not just a telecom story. It’s a reminder that outsourcing critical processes also means extending your threat surface.

For C‑suite leaders, boards, and those responsible for security, privacy, and risk, this incident raises important questions:
• Which business processes have been outsourced, and what data do they touch?
• How are you assessing and monitoring the security posture of BPOs and other vendors?
• Is your incident response playbook aligned with your outsourcing model and shared responsibilities?

At EXTEND Resources, we work with organizations to design information security, data privacy, and third‑party risk programs that account for complex outsourcing relationships and BPO dependencies.

As you read about the TELUS Digital incident, consider how a similar event involving one of your outsourcers would affect your operations and obligations. https://bit.ly/4bgObk3

The Canadian business-process outsourcer, which counts many major businesses among its customers, still isn’t sure what the hackers stole.

03/05/2026

One of the world’s largest hacker forums was just dismantled by U.S. authorities—good news, but not a reason for security leaders to relax. These forums fuel credential theft, ransomware, and supply chain attacks that directly impact boards and C‑suites. Now is the time to revisit risk appetite, vendor exposure, and incident response readiness. How often are you updating your cyber and privacy program against emerging threat intelligence?

https://bit.ly/3N12bVG

03/03/2026

The latest breach of 25 million Americans’ data is another reminder that “basic” controls and one-time compliance projects are no longer enough. Threats evolve, regulators adapt, and boards are increasingly accountable for cybersecurity oversight.

Leaders need visibility into:
• Where sensitive and personal data is stored and processed
• Which third parties can access it
• How quickly the organization can investigate and respond when something goes wrong

EXTEND Resources supports small and mid-size enterprises with integrated information security, privacy, and third-party risk services designed to be sustainable and scalable.

Investigators say attackers were present in parts of Conduent’s network from late October 2024 until mid‑January 2025.

03/03/2026

A major breach at a global manufacturer exposed sensitive files from high-profile tech companies—proof that third-party risk can quickly become your risk. How confident are you that your suppliers and manufacturers meet your security, privacy, and incident response standards?

https://bit.ly/4qGuvLt

02/24/2026

Nearly 1M user records were exposed in a data breach at Figure, a blockchain-based lender. The incident is a reminder that even innovative fintechs must balance speed with strong security and privacy controls. As your organization adopts new platforms, how are you aligning innovation with governance and risk oversight at the board level?

https://bit.ly/4s7NX4h

The blockchain-based lender has confirmed a data breach after ShinyHunters leaked over 2GB of data allegedly stolen from the company.