---
title: "Vendor Causes Breach, Texas Supplier Hacked, Nokia Investigates Breach | DMARC Report"
description: "Amazon employee data exposed via the 2023 MOVEit flaw CVE-2023-34362, Texas oilfield firm Newpark files a ransomware 8-K, and Nokia probes IntelBroker"
image: "https://dmarcreport.com/og/blog/vendor-causes-breach-texas-supplier-hacked-nokia-investigates-breach.png"
canonical: "https://dmarcreport.com/blog/vendor-causes-breach-texas-supplier-hacked-nokia-investigates-breach/"
---
Quick Answer
Amazon confirmed employee desk phones, building locations, and email addresses were exposed via the 2023 MOVEit Transfer flaw CVE-2023-34362 affecting a property management vendor, with about 600 MOVEit servers impacted across customers. Texas oilfield supplier Newpark Resources disclosed a ransomware attack to the SEC that restricted parts of its IT and business systems while field operations continued. Nokia is investigating IntelBroker's BreachForums listing offering internal credentials, SSH keys, and source code allegedly sourced from a third-party contractor for about $20,000.
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fvendor-causes-breach-texas-supplier-hacked-nokia-investigates-breach%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Vendor%20Causes%20Breach%2C%20Texas%20Supplier%20Hacked%2C%20Nokia%20Investigates%20Breach&url=undefined%2Fblog%2Fvendor-causes-breach-texas-supplier-hacked-nokia-investigates-breach%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fvendor-causes-breach-texas-supplier-hacked-nokia-investigates-breach%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fvendor-causes-breach-texas-supplier-hacked-nokia-investigates-breach%2F&title=Vendor%20Causes%20Breach%2C%20Texas%20Supplier%20Hacked%2C%20Nokia%20Investigates%20Breach "Share on Reddit") [ ](mailto:?subject=Vendor%20Causes%20Breach%2C%20Texas%20Supplier%20Hacked%2C%20Nokia%20Investigates%20Breach&body=Check out this article: undefined%2Fblog%2Fvendor-causes-breach-texas-supplier-hacked-nokia-investigates-breach%2F "Share via Email")
> The organizations that invest in email authentication early save themselves from expensive incidents later, says Vasile Diaconu, Operations Lead at DuoCircle. We see the pattern constantly: a domain gets spoofed, customers lose trust, and the remediation effort costs 10x what proactive DMARC setup would have cost.
```
DMARC Report
```
Vendor Causes Breach, Texas Supplier Hacked, Nokia Investigates Breach
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-18089” readonly/>
```
```
Hey people! It’s a new week, and we are back with a fresh dose of [cybersecurity](https://dmarcreport.com/blog/how-to-educate-or-train-employees-on-cybersecurity/) news once again. This week, it’s all about big companies being attacked by threat actors. Now you know that no one is completely safe from [cyberattacks](https://abcnews.go.com/US/ticketmaster-hit-cyber-attack-compromised-user-data/story?id=110737962), not **even big industry names**.
The [sensitive data](https://www.prnewswire.com/news-releases/dig-security-state-of-cloud-data-security-2023-report-finds-exposed-sensitive-data-in-more-than-30-of-cloud-assets-301902104.html) of Amazon employees was breached because of a [third-party vendor](https://www.upguard.com/blog/third-party-vendor). Next, a Texas oilfield supplier fell prey to a ransomware attack. Also, Nokia, the **mobile manufacturing giant**, has been facing the brunt of cyberattacks and is busy conducting thorough investigations.
Let’s not waste any more \*\*time and jump into the details!
Keep reading to **stay cyberaware**.
## Third-party vendor led to employee data breach at Amazon
Amazon is currently facing a data breach where its employee data was compromised- thanks to a third-party vendor named MOVEIT. The breach happened because of a vulnerability in MOVEit (CVE-2023-34362). The vulnerability was discovered in 2023 in its **file transfer software**. Because of the vulnerability, hackers can conveniently [bypass authentication](https://cybersecuritynews.com/gitlab-authentication-bypass-vulnerability/) on networks that are unpatched. This way, they can access important files illegitimately. The hackers replicated the process with Amazon and gained access to [Amazon’s employee data](https://sightsinplus.com/news/industry-news/amazon-confirms-employee-data-hacked-in-2023-moveit-breach/).
Amazon has stated that the [data breach](https://securityintelligence.com/news/national-public-data-breach-publishes-private-data-billions-us-citizens/) happened because of the **third-party property management vendor**, MOVEit, and that all of Amazon’s systems are completely secure . The spokesperson at Amazon said that other customers who worked with MOVEit have also been affected by similar instances of data breaches. Amazon employee data that got compromised included sensitive details such as desk phone numbers, building locations, email addresses, and so on. This unfortunate incident of employee data breach is a staggering reminder of **supply chain vulnerabilities**. Experts believe that as many as [600 MOVEit servers](https://www.darkreading.com/cloud-security/amazon-employee-data-compromised-moveit-breach) have fallen prey to its vulnerabilities.
## Texas oilfield supplier attacked by mystery hackers
Newpark Resources recently filed a complaint against [ransomware attacks](https://therecord.media/oilfield-supplier-faces-disruptions-cyberattack) with the **SEC or Securities and Exchange Commission**. It is an [oil drilling fluids system](https://www.azonano.com/news.aspx?newsID=38693) as well as a composite matting systems provider based in Texas.
The company has yet to \*\*share further details as to how the [threat actors](https://thehackernews.com/2024/10/cisa-warns-of-threat-actors-exploiting.html) got access to their network. _Also, details on the identity of the attackers and the reason behind the attack still remain undisclosed_.
Once Newpark learned about the data breach, the security response plan was implemented as soon as possible to mitigate the impact of the attack. Also, the oilfield supplier restricted access to a certain extent. The attack has resulted in limited access to specific parts of \*\*Newpark’s information systems and business applications, [financial operating systems](https://a16z.com/healthtech-x-fintechs-biggest-prize-the-financial-operating-system-for-healthcare/), corporate functions, and so on. _On the brighter side, field operations and manufacturing processes managed to stay uninterrupted_.
The point of relief is that the stolen data has not \*\*made an appearance on any [leak sites](https://www.usatoday.com/story/money/2024/07/11/10-billion-passwords-leaked-what-to-do/74366179007/) yet.
Experts believe that industrial organizations are walking the tightrope whereby they are required to maintain the ultimate balance. _On one hand, they will have to streamline connectivity for smooth operations_. On the other hand, they will have to take care of cyber safety to \*\*prevent intruders from breaking into their networks.
A Texas oilfield supplier, Newpark Resources, was hit by mystery hackers, highlighting the critical need for [email security](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) measures like [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://dmarcreport.com/what-is-spf/) to \*\*protect against unauthorized access and [phishing attacks](https://www.bleepingcomputer.com/news/security/office-365-phishing-attack-impersonates-the-us-department-of-labor/).
## Nokia investigating data breach but got no proof of attack yet
This Tuesday, notorious threat actor IntelBroker allegedly posted Nokia’s internal data online. The data includes **internal credentials**, [SSH keys](https://www.msn.com/en-us/news/technology/scumbag-puts-stolen-nokia-source-code-ssh-and-rsa-keys-more-up-for-sale/ar-AA1tzJco?ocid=BingNewsVerp), and source codes. The attackers are putting up the data for sale on [BreachForums](https://www.heise.de/en/news/Datenhehler-Forum-BreachForums-polizeilich-beschlagnahmt-nach-Europol-Einbruch-9720115.html) for around[ $20,000](https://hackread.com/hackers-claim-access-nokia-internal-data-selling-20k/).
The group of threat actors has claimed that it exploited a specific [third-party](https://www.investopedia.com/terms/t/third-party.asp) contractor that was responsible for **Nokia’s internal tool development**. So far, there have been no reports about customer data breaches.
_Nokia is completely aware of the claims by IntelBroker, and the mobile manufacturing giant is looking into the matter with absolute seriousness_. Up until this time, Nokia has found no trace of data breach.
IntelBroker is known for its high-profile data breach incidents. They are a [Serbia-based group of attackers](https://www.koha.net/en/arberi/dash-i-po-trajton-pretendimin-se-sulmuesit-serbe-ne-veri-u-sterviten-me-automjete-amerikane) who **got active back in 2022**. _Since then, IntelBroker has impacted companies like Apple, Europol, General Electric, the US House of Representatives, and DARPA_.
Experts believe that sooner or later, Nokia would realize that [InterlBroker’s claims](https://thecyberexpress.com/unconfirmed-cognizant-data-leak/) are **absolutely true**. _They are concerned that if IntelBroker’s claim is true, then the stolen data would be used maliciously by other threat actors against Nokia_. Hackers can use user credentials to get illegitimate access to [Nokia’s networks](https://www.cnbctv18.com/business/companies/att-chooses-ericsson-for-new-us-telecom-network-will-drop-nokia-18495651.htm). The nature of the data stolen would give a clear picture of the exact threats that Nokia might face in the future .
This data breach is also a bleak reminder of how even the biggest of names in the industry can be impacted by third parties. Major \*\*multinational organizations such as Bank of America, [American Express](https://www.cbsnews.com/news/american-express-data-breach-amex/), and Santander have already faced similar incidents. The third-party involvement has further complicated the situation for Nokia.
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/)
[ Brad Slavin ](/authors/brad-slavin/)
General Manager
Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.
[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 8m 10 Critical Learnings From Verizon’s 2021 DBIR - A DMARCReport Perspective Nov 25, 2025 ](/blog/10-critical-learnings-from-verizons-2021-dbir-a-dmarcreport-perspective/)[ Foundational 12m 10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[ Foundational 12m 10 Email Spoofing Detection Tools That Dramatically Improve Brand Protection Nov 11, 2025 ](/blog/10-email-spoofing-detection-tools-that-dramatically-improve-brand-protection/)[ Foundational 12m 10 Reasons SPF Filtering Is Critical For Email Security Nov 19, 2025 ](/blog/10-reasons-spf-filtering-is-critical-for-email-security/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Vendor Causes Breach, Texas Supplier Hacked, Nokia Investigates Breach","description":"Amazon employee data exposed via the 2023 MOVEit flaw CVE-2023-34362, Texas oilfield firm Newpark files a ransomware 8-K, and Nokia probes IntelBroker's claims.","url":"https://dmarcreport.com/blog/vendor-causes-breach-texas-supplier-hacked-nokia-investigates-breach/","datePublished":"2024-11-15T08:10:45.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2024-11-15T08:10:45.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/vendor-causes-breach-texas-supplier-hacked-nokia-investigates-breach/"},"articleSection":"foundational","keywords":"dkim, DMARC, email security, SPF","wordCount":1109,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Vendor Causes Breach, Texas Supplier Hacked, Nokia Investigates Breach","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Vendor Causes Breach, Texas Supplier Hacked, Nokia Investigates Breach","item":"https://dmarcreport.com/blog/vendor-causes-breach-texas-supplier-hacked-nokia-investigates-breach/"}]}
```