
Manage vendors, manage risk

November 2, 2022

Contributors: James E. Carpp, CISA, CRISC, CIRM, CISM

In September 2025, Discord — a communication app millions use for voice, video, and text chat — fell victim to a major data breach. But the breach didn’t originate from Discord’s own systems. Instead, it was traced back to 5CA, a third-party customer support vendor. This incident underscores a growing concern in cybersecurity: the vulnerabilities introduced through outsourced relationships. 

The hacker group Scattered Lapsus$ Hunters (SLH) claimed responsibility for the attack, which reportedly involved infiltrating the Zendesk-based support ticket system 5CA used to manage Discord’s customer interactions. 

Once inside, the attackers accessed internal dashboards and reportedly exfiltrated around 1.6 terabytes of data. The stolen information included real names, email addresses, Discord usernames, IP addresses, limited billing details, and even government-issued ID images submitted for age verification. The ID images alone are believed to involve around 70,000 users globally.

Discord responded swiftly by cutting off 5CA's access, launching a forensic investigation, and notifying affected users. 5CA, however, denied being directly hacked, suggesting the compromise occurred outside its own systems and was the result of human error. Whatever the entry point, the lesson is the same: a vendor's access to your systems is part of your attack surface, and a compromised vendor account reaches exactly as far as the access you granted it. That is why vendor security audits, least-privilege and zero-trust access for vendor accounts, and clear accountability in outsourced relationships matter so much.

As companies increasingly rely on third-party providers, this breach serves as a stark reminder: Your cybersecurity is only as strong as your weakest vendor. 

What is vendor management? 

A 2025 report by Demand Sage found that 66% of U.S. businesses outsource (that is, hire a third party to perform work that would otherwise be done internally) at least one department or function. Vendor management is the discipline of identifying and controlling, as far as practical, the risk that comes with that reliance on third parties, so your organization stays protected. A robust program is built from the elements described below.

Setting up and sustaining your program

For small- and medium-sized businesses, the vendor management process needs to be straightforward and simple to maintain. Otherwise, it may not be viable. To accomplish that, consider the following framework:

Setup – Document the reason for the program and the structure. Also be sure to define the roles and responsibilities required.

Vendor inventory – Capture all existing vendors, document pertinent information, and keep the inventory current.

Vendor selection – Develop a standard to evaluate vendors before engaging their services.

Annual evaluation – Over time the nature of the relationship might change, and it is important to review vendor performance regularly. At a minimum, this should occur annually.

Contract criteria – No two contracts are alike. Develop a standard for evaluating contracts before you sign them, and again yearly, so that the protections your organization relies on are written into the agreement rather than assumed.

Security review – Often overlooked, the security review is critical because vendors are a major source of risk: a vendor that holds your data or logs in to your systems extends your attack surface, as the 5CA incident shows. Establish a review standard that records what access and what data each vendor has and how it is protected, and revisit the standard itself regularly, because threats evolve constantly.
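As an added example (not code from the Rehmann article), the Python below is a minimal vendor register that implements three of the elements above for a small team: the vendor inventory, the annual-evaluation check, and a first triage for the security review, ordered by how much sensitive data and system access each vendor has. The vendor names, data categories, and tier thresholds are constructed assumptions for illustration.

```python
"""Minimal vendor register: inventory, annual-review check and security-review triage.

Added example, not part of the original article. The vendor records, data
categories and tiering thresholds below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Data categories a vendor may handle, ordered by sensitivity (higher = worse
# if exposed). Assumed categories; adapt them to your own data classification.
SENSITIVITY = {
    "public": 0,
    "internal": 1,
    "customer_pii": 2,        # names, emails, IP addresses, billing details
    "identity_documents": 3,  # government ID images, as in the 5CA case
}

REVIEW_MAX_AGE_DAYS = 365  # "at a minimum, this should occur annually"


@dataclass
class Vendor:
    name: str
    service: str
    data_shared: frozenset[str]        # keys of SENSITIVITY
    system_access: bool                # vendor staff log in to our systems or tooling
    owner: str                         # accountable internal role
    last_review: date | None = None    # None means never reviewed


def validate(v: Vendor) -> None:
    """Inventory hygiene: reject records that cannot be risk-rated or owned."""
    unknown = set(v.data_shared) - set(SENSITIVITY)
    if unknown:
        raise ValueError(f"{v.name}: unknown data categories {sorted(unknown)}")
    if not v.owner.strip():
        raise ValueError(f"{v.name}: every vendor needs an accountable owner")


def risk_tier(v: Vendor) -> str:
    """Tier from the worst data category plus whether the vendor has hands-on
    access to our systems. The thresholds are assumptions, not a standard."""
    score = max((SENSITIVITY[c] for c in v.data_shared), default=0)
    if v.system_access:
        score += 1
    if score >= 3:
        return "high"
    if score >= 2:
        return "medium"
    return "low"


def review_overdue(v: Vendor, today: date, max_age_days: int = REVIEW_MAX_AGE_DAYS) -> bool:
    """True if the vendor was never reviewed or the last review is older than the limit."""
    if v.last_review is None:
        return True
    return (today - v.last_review).days > max_age_days


def triage(vendors: list[Vendor], today: date) -> list[tuple[str, str, bool]]:
    """Return (name, tier, overdue) rows with the riskiest and stalest vendors
    first, so a one-person program knows which security review to do next."""
    for v in vendors:
        validate(v)
    order = {"high": 0, "medium": 1, "low": 2}
    rows = [(v.name, risk_tier(v), review_overdue(v, today)) for v in vendors]
    return sorted(rows, key=lambda r: (order[r[1]], not r[2], r[0]))


# Constructed sample inventory (hypothetical vendors).
SAMPLE_VENDORS = [
    Vendor("SupportCo", "outsourced customer support (ticketing)",
           frozenset({"customer_pii", "identity_documents"}), system_access=True,
           owner="Head of Support", last_review=date(2024, 6, 1)),
    Vendor("PayrollCo", "payroll processing",
           frozenset({"internal", "customer_pii"}), system_access=False,
           owner="Finance Director", last_review=None),
    Vendor("PrintShop", "marketing print",
           frozenset({"public"}), system_access=False,
           owner="Marketing Lead", last_review=date(2025, 3, 15)),
]


def demo(today_iso: str = "2025-10-01") -> list[tuple[str, str, bool]]:
    """Run the triage over the sample inventory as of the given date."""
    return triage(SAMPLE_VENDORS, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for name, tier, overdue in demo():
        print(f"{name:<10} tier={tier:<6} review_overdue={overdue}")
```

The point of the ordering is that the support vendor, which both logs in to your tooling and handles ID images, lands at the top of the list with an overdue review, which is exactly the profile of the 5CA relationship described above. Swap the constructed categories and thresholds for your own data classification before using it.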

Getting started

Vendor management is all-encompassing. That’s why the largest organizations in the world have entire teams dedicated to it.

At small- and medium-sized businesses, however, there may be no one assigned to vendor management and risk mitigation at all. Where someone is, they may be overwhelmed by the comprehensive, ongoing nature of the undertaking.