TL;DR
Nike is investigating a 1.4 TB data theft by the WorldLeaks group. Irish agri-trader J Grennan & Sons had operations crippled by Akira ransomware. A still-unidentified energy-sector breach exposed over 20 million records including bank IBANs. The common thread? All three were preventable with basic controls your business can implement this week.
Breach 1: Nike — 1.4 TB of Internal Files Leaked
What happened: Cybercrime group WorldLeaks publicly claimed to have stolen and leaked approximately 1.4 TB of internal data from Nike. The haul reportedly includes over 188,000 files covering product design, manufacturing processes, supply chain logistics, and operational information.
How bad: If confirmed, this is a supply chain intelligence goldmine for competitors and counterfeiters. Product roadmaps, factory specifications, and supplier relationships — all exposed. Nike is still investigating and has not confirmed the full scope.
How it could have been prevented: The attack vector is not yet public, but leaks of this size typically trace back to one of three failures: an unsecured cloud storage bucket, a compromised third-party vendor with excessive access, or credential theft without multi-factor authentication (MFA). Any of these is preventable with basic data classification and access controls.
Breach 2: J Grennan & Sons — Akira Ransomware Disrupts Operations
What happened: The Akira ransomware group targeted Irish agricultural trading company J Grennan & Sons, claiming to have exfiltrated sensitive financial records, invoices, and employee and customer personal data. The company confirmed the attack "significantly disrupted operations" and brought in external cybersecurity experts. While the company stated it is "reasonably confident" data was not accessed, Akira posted the firm on its dark web leak site and threatened to publish everything.
How bad: For a trading business, operational disruption means contracts stall, shipments don't move, and cash flow stops. Akira is a Ransomware-as-a-Service (RaaS) operation that typically demands six- and seven-figure ransoms from mid-market companies. The average ransomware attack now costs businesses nearly $5 million when you factor in downtime, recovery, legal fees, and reputational damage.
How it could have been prevented: Akira commonly gains entry via unpatched VPN appliances, RDP exposed to the internet, or phishing. Three controls would have dramatically reduced the risk: (1) MFA on all remote access, (2) 48-hour patching SLA for edge devices, and (3) offline, immutable backups tested quarterly.
Breach 3: Unnamed Energy Provider — 20+ Million Records
What happened: A threat actor on dark web forums claimed to possess over 1 TB of data from an energy-sector organization, allegedly containing more than 20 million individual records. The exposed data reportedly includes names, contact details, national identity numbers, energy contract information, and — critically — bank IBANs for some individuals.
How bad: Bank IBAN exposure turns this from a privacy incident into a direct financial fraud risk for affected customers. The organisation has not been publicly named, but the data volume suggests a major utility or energy retailer. Regulators in the EU and Australia treat IBAN exposure as a notifiable breach with potential fines up to 4% of annual turnover under GDPR or AU Privacy Act equivalents.
How it could have been prevented: Energy-sector breaches frequently originate from IoT and operational technology (OT) systems bridged to corporate networks without proper segmentation. If the attacker moved laterally from a smart-meter management system to the customer database, network segmentation alone would have contained the blast radius.
What Your Business Should Do This Week
1. MFA on everything remote (30 minutes). If you have RDP, VPN, or any remote access without multi-factor authentication, fix it today. Akira and most ransomware crews scan for exposed remote-access services as their primary entry vector. This is the single highest-ROI security control you can deploy.
2. Audit your third-party access (1 hour). Ask every vendor and contractor: what access do you have to our systems, and is it still necessary? Revoke anything unused. Require MFA for vendor accounts. The Nike breach — if vendor-related — follows a pattern where 61% of businesses suffered a supply chain breach in the last year.
3. Test your backups (1 hour). Not check that the backup job ran. Actually restore a file, a database, and a server from backup. If you can't restore from offline/immutable backups within your recovery time objective, you don't have backups — you have hope. Ransomware crews now target backup systems first.
4. Segment your network (start this month). If your OT systems, IoT devices, or guest Wi-Fi can reach your customer database, you have a flat network. The energy-sector breach is this year's reminder that lateral movement kills. Start with one VLAN separation this week.
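A restore drill for step 3, added here as an illustration and not part of the original article: it restores a backup into a scratch directory, checks every file against hashes recorded at backup time, and compares the restore time with a recovery time objective. The tar archive format, the SHA-256 manifest, and the names restore_drill, build_manifest and rto_seconds are assumptions made for the example.

```python
import hashlib, shutil, tarfile, tempfile, time
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (taken at backup time)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def restore_drill(archive, manifest, rto_seconds):
    """Restore archive into a scratch directory, verify it, and time the restore."""
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        base = Path(scratch).resolve()
        with tarfile.open(archive) as tar:
            for member in tar.getmembers():
                target = (base / member.name).resolve()
                # Restore regular files only, and never outside the scratch directory.
                if not member.isfile() or base not in target.parents:
                    continue
                target.parent.mkdir(parents=True, exist_ok=True)
                with tar.extractfile(member) as src, open(target, "wb") as dst:
                    shutil.copyfileobj(src, dst)
        restored = build_manifest(base)
    elapsed = time.monotonic() - start
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    within_rto = elapsed <= rto_seconds
    return {"missing": missing, "corrupt": corrupt, "seconds": round(elapsed, 2),
            "within_rto": within_rto, "passed": not missing and not corrupt and within_rto}

if __name__ == "__main__":
    # Constructed sample data: a tiny "production" folder and its backup archive.
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "prod")
        src.mkdir()
        (src / "invoices.csv").write_text("id,total\n1,100\n")
        manifest = build_manifest(src)  # assumption: stored separately from the backup
        backup = Path(work, "backup.tar.gz")
        with tarfile.open(backup, "w:gz") as tar:
            tar.add(src / "invoices.csv", arcname="invoices.csv")
        print(restore_drill(backup, manifest, rto_seconds=3600))
```

A backup job that reports success but produces an archive with missing or altered files fails this drill, which is the difference between checking the job and checking the restore.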
FAQ
Q: We're a small business. Are we really a target?
Yes. 43% of data breaches involve small businesses. Ransomware groups actively target SMBs because they're less likely to have dedicated security staff and more likely to pay ransoms to restore operations quickly. Akira, the group that hit J Grennan & Sons, specifically hunts mid-market companies.
Q: How much does a breach actually cost?
IBM's latest Cost of a Data Breach report pegs the global average at $4.88 million per incident. For SMBs, the number is lower in absolute dollars but higher as a percentage of revenue — many don't survive. Downtime, forensic investigation, legal notification, regulatory fines, and customer loss compound quickly.
Q: What's the most important thing to do first?
Multi-factor authentication on all remote access, followed by offline backups. These two controls stop the majority of ransomware attacks before they become incidents.
Q: How do I know if my suppliers are secure?
Start with a simple vendor security questionnaire. Ask if they have MFA, how they handle your data, and when their last penetration test was. For critical vendors, request evidence — not promises.
Conclusion
Three breaches in one weekend. Three different industries. Three attack paths that converge on the same weaknesses: missing MFA, flat networks, and untested backups. The businesses that survive 2026's threat landscape aren't the ones with the biggest security budgets — they're the ones that do the basics consistently.
Don't wait until you're the headline.
Visit consult.lil.business for a free cybersecurity assessment and find out where your business stands before an attacker does it for you.
References
- Nike Probing Potential Security Incident as Hackers Threaten to Leak Data — SecurityWeek
- J Grennan & Sons Victim of Akira Ransomware Attack — Agriland
- The State of Ransomware 2026 — BlackFog
- IBM Cost of a Data Breach Report 2024
- Cybersecurity Statistics 2026 Report — ORDR
- 61% of Businesses Suffered a Supply Chain Breach — SupplyChainBrain
TL;DR
- A software company called TriZetto was hacked — and the hackers stayed hidden inside their systems for 10 months [1]
- 3.4 million people's Social Security numbers and health insurance records were stolen without anyone knowing [2]
- Your business uses vendors that hold your customers' data too — and when those vendors get hacked, it becomes your problem
- Three things you can check this week to know whether your vendors are protecting the data you've trusted them with
Imagine Someone Copying Your Spare Key
You gave a spare key to a software contractor years ago. They help run your systems, they do a good job, and you never really think about them.
Then one day you find out: someone broke into the contractor's office, found your spare key, and has been quietly letting themselves into your business every night for 10 months. They weren't stealing cash — they were photographing files. Customer records. Employee details. Insurance information.
You had no idea. The contractor had no idea. And every night, a little more of your data walked out the door.
That is essentially what happened to TriZetto Provider Solutions — a company that processes health insurance paperwork for thousands of doctors and clinics across the United States. Hackers broke in during November 2024. Nobody noticed until October 2025. By then, 3.4 million people's records had been exposed [1].
What Makes This Different From a Typical Hack?
Most people picture a cyberattack like a smash-and-grab robbery. Someone breaks in, grabs what they can, and runs before the alarm sounds.
This was more like a quiet, long-term spy operation. The hackers found a side door, made absolutely sure nobody could see them, and spent almost a year reading everything they could access.
The stolen information included names, home addresses, Social Security numbers, Medicare ID numbers, and health insurance details [2]. This is not the kind of data you can just replace, like cancelling a credit card. Social Security numbers, health records, and Medicare IDs can be used for identity theft for years — sometimes decades — after they are stolen.
The Part That Directly Affects Your Business
TriZetto is not a small startup. It is owned by Cognizant, one of the largest IT companies in the world [1]. And even they took 10 months to notice someone was inside their systems. According to IBM's 2024 Cost of a Data Breach Report, the average time to detect a breach in the healthcare sector is even longer than the global average — and the average healthcare breach costs $9.77 million [5].
Here is what this means for your business: you almost certainly have vendors who hold your customers' data too.
Think about your payroll software. Your customer database. Your email marketing tool. Your cloud file storage. Your accounting platform. Every single one of these holds personal information about real people — your customers, your employees, your business partners. According to Verizon's 2025 Data Breach Investigations Report, 15% of all confirmed data breaches now involve a third-party vendor [6].
If any of those vendors get hacked, your customers' information is at risk. And under Australian privacy law, you have legal responsibilities even when the breach happens at a vendor's end, not your own [3].
Three Things You Can Check This Week
You do not need to become a cybersecurity expert to protect your business here. These three checks are practical, free, and take less than an afternoon.
1. List every vendor that holds your data. Start with payroll, customer databases, accounting software, and email tools. Write them down. Most business owners are surprised — once you count carefully, the average is 20 to 50 vendors.
2. Ask each vendor: "Do you have a SOC 2 or ISO 27001 certification?" These are independent security audits conducted by external experts. A vendor with this certification has had their security independently verified. A vendor without it has not. If they handle sensitive data for your business, the answer to this question matters [4].
3. Check your contracts for breach notification clauses. How quickly does your vendor have to tell you if they get hacked? TriZetto waited 14 months to notify some customers [1]. Make sure your contracts do not allow that kind of delay.
FAQ
TriZetto is a US healthcare IT company that processes insurance eligibility data for doctors and clinics. The reason it matters is the pattern it represents: a software vendor was trusted with millions of sensitive records, failed to detect a breach for nearly a year, and notified affected parties more than 14 months after the intrusion began. The same risk exists with any vendor that processes data for your business [1].
If your data was affected, TriZetto and their notification partner Kroll will send a physical letter explaining what happened and offering 12 months of free credit monitoring and identity protection services. Accept the offer — it is genuinely useful [2].
Yes. Under Australian Privacy Principle 11 and equivalent laws in the UK, EU, and US, you are responsible for taking reasonable steps to protect the personal information you hold — including data that is stored or processed by third-party vendors on your behalf [3]. "My vendor got hacked" is not a complete defence.
SOC 2 stands for System and Organisation Controls 2. It is an independent audit that verifies a company's security actually works in practice — not just on paper. A SOC 2 Type II certification means the audit covered a full year of real operations, not a one-day snapshot. When a vendor tells you they are SOC 2 Type II certified, it means a qualified external auditor has confirmed their security controls operate consistently [4].
References
[1] B. Toulas, "Cognizant TriZetto breach exposes health data of 3.4 million patients," BleepingComputer, Mar. 2026. [Online]. Available: https://www.bleepingcomputer.com/news/security/cognizant-trizetto-breach-exposes-health-data-of-34-million-patients/
[2] Maine Attorney General, "TriZetto Provider Solutions Data Breach Notification Filing," Maine AG Office, Feb. 2026. [Online]. Available: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/e2c4cc45-dc81-498d-89f0-28c887808b41.html
[3] Office of the Australian Information Commissioner, "Australian Privacy Principle 11 — Security of Personal Information," OAIC, 2024. [Online]. Available: https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines/chapter-11-app-11-security-of-personal-information
[4] AICPA, "SOC 2 — SOC for Service Organizations: Trust Services Criteria," AICPA, 2024. [Online]. Available: https://www.aicpa-cima.com/resources/download/soc-2-trust-services-criteria-including-the-2022-points-of-focus
[5] IBM Security, "Cost of a Data Breach Report 2024," IBM, 2024. [Online]. Available: https://www.ibm.com/reports/data-breach
[6] Verizon, "2025 Data Breach Investigations Report," Verizon Business, 2025. [Online]. Available: https://www.verizon.com/business/resources/reports/dbir/
[7] COE Security, "Healthcare Supply Chain Under Cyber Siege," COE Security, Mar. 2026. [Online]. Available: https://coesecurity.com/healthcare-supply-chain-under-cyber-siege/
[8] CISA, "Guidance for Addressing Cybersecurity Risk in Third-Party Relationships," CISA, Nov. 2023. [Online]. Available: https://www.cisa.gov/resources-tools/resources/guidance-addressing-cybersecurity-risks-third-party-relationships
Not sure which of your vendors are handling your data responsibly? Most SMBs have 3 to 5 high-risk vendors they have never audited. lil.business can help you identify them and fix the gaps — without needing a full-time security team. Book a free call to find out what your vendor risk actually looks like.