
The Wall Street Journal Pro

Cybersecurity

Sponsored by Zscaler.

Another Hack of a Third-Party Partner Exposes Medical Files

By Kim S. Nash

 

Hello. Cyber risk in the technology supply chain continues to grow. Tech providers, especially the ones that specialize in a particular sector, have gotten hacked left and right in the past year or so.

That includes tech-services companies for credit unions, medical organizations, car dealerships and electric utilities—often small and mid-size companies that play a big part in consumers’ everyday lives.

One of the latest examples is a cyberattack at Bridgton, Maine-based NAHGA Claim Services, which processes healthcare and accident claims for organizations across the U.S. NAHGA said more than 181,000 people had their personal and medical data stolen in an April hack.

NAHGA, like so many other breached companies, told state regulators it has since improved its cybersecurity. (Of course. What else would a company say?) But here are the essential questions for me: Why does it take a hack to prompt action? Why don’t customer organizations know more about the cyber practices and protections of their critical tech providers, and demand better? Can AI help?

I’d love to hear your thoughts beyond the fact that vetting third parties is hard and time-consuming. Email me or reply to this newsletter.

More news below.

 

‏‏‎ ‎


 

More Cyber News


Settlement in case of allegedly misleading cybersecurity statements: Utah-based Illusory Systems, which does business under the name Nomad and provides smart contracts for crypto transactions, must reimburse users for the estimated $100 million they lost, collectively, in a 2022 hack. 

  • The attackers exploited a code vulnerability and made off with $186 million, some of which Illusory was able to recover, the Federal Trade Commission said. The situation was made worse by Illusory's weak incident response and vulnerability-management failures, the FTC said.
  • Yet Illusory advertised “security-first” services and didn't heed warnings about insecure code, according to the watchdog. 
  • The company agreed to reform its cyber program and submit to outside audits. 

Venezuela's state-run oil company PDVSA said it has resumed oil cargo deliveries after a weekend cyberattack that led to some downed tech systems. The country's oil ministry blamed the cyber strike on the U.S. (MarineLink)

Cisco zero day: Several Cisco Systems products are being targeted by suspected China-linked hackers exploiting a zero-day bug that doesn't yet have a patch, the company said Wednesday. At risk are Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Customers should rebuild these products while Cisco works on fixes, according to a security alert from the company. (TechCrunch)

Oracle-breach victim: Auto parts company LKQ disclosed to state regulators that it was breached through its Oracle E-Business Suite of enterprise software. The Clop ransomware group has said it was behind 100 Oracle cyberattacks including the incident at LKQ, which exposed data about 9,000 customers. (SecurityWeek)

Crypto exchange E-Note was disabled in an operation by U.S. and Michigan law enforcement, working with police in Germany and Finland. Mykhalio Petrovich Chudnovets, a Russian national who runs E-Note, was indicted by the U.S. for money laundering for cyber criminals since 2010, the Justice Department said Wednesday. 

French police arrested a 22-year-old man accused of being involved with a cyberattack this month on France's Ministry of the Interior. The man was convicted earlier this year for other hacking crimes, prosecutors in Paris said.

  • The ministry said Friday its email system was breached. (Bleeping Computer)
 

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

 
Copyright 2025 Dow Jones & Company, Inc.   |   All Rights Reserved.