Third Party Service Overview (Business Services)

Introduction

HackNotice’s Third Party Service gives you continuous, near real-time visibility into cyber incidents affecting the vendors, suppliers, data partners, and service providers your business depends on. By monitoring third-party breach activity and providing detailed company profiles—including historical breaches, leaked record exposure, ransomware activity, and our Threat Factor risk score—this service helps organizations reduce supply chain risk and improve vendor governance.

For real-world examples of how customers use this service, review the Third Party Use Case Playbook (link).
To build automated, customized alerting workflows, see Tiered Alerts – Customized Alerts & Workflows (link).

To visualize breaches, ransomware activity, and exposure trends across your vendor ecosystem, refer to the dashboards associated with this service:

• Global Breaches Dashboard – global breach activity across industries and regions (article link)

• Ransomware Dashboard – ransomware gang trends, targeting patterns, and TTPs (article link)

• Strategic Third Party Dashboard – Breach and Threat Factor trends for monitored vendors (article link)

Using the Third Party Service

Below are the key areas of the Third Party Service, accessible under Business → Third Party in the HackNotice UI.

Vendor Monitoring List (Business → Third Party → Watchlist)

Your Watchlist is where you add vendors you want to monitor.

Getting Started

• Add a vendor domain using the input field at the top of the page.

  • You can also bulk import vendors through the HackNotice UI at Business → Account → Uploads.

• Vendors you add will appear in the Watchlist table.

• Click any domain name to open that vendor’s Company Profile.

(You can also visit our “Getting Started” guide here: link)

Company Profile Overview

Each monitored vendor has a dedicated company profile containing intelligence on:

1. Company Information

Found at the top left of the profile. Includes:

• Headquarters location

• NAICS industry classification

• Employee count (when available)

• Annual revenue (when available)

This gives you a foundational understanding of the organization’s size and sector.

Note: You can look up any company profile at any time as much as you'd like at Business → Third Party → Companies (more details below)

2. Historically Breached Third Parties (4th Parties)

This list identifies your vendor’s vendors—companies that supply services to your monitored vendor. These organizations have experienced historical data breaches and contribute to your 4th-party risk exposure.

If you’d like a consolidated list of your most common 4th parties across all monitored vendors, contact your HackNotice representative.

3. Leaked Records

Quantifies leaked or exposed records associated with the vendor’s domain:

• Total all-time

• Last 30 days

• Last 60 days

• Last 90 days

• Last 180 days

This measurement helps assess how frequently sensitive data related to the third party appears in dark web sources.

4. Spikes

A Spike is recorded when there is a sudden, meaningful increase in leaked records tied to a vendor.

Why Spikes Matter

Spikes were validated in a year-long study with a major cyber insurance underwriter, which found a strong correlation between leaked-record spikes and cyber insurance claims within the next 4–12 weeks.
A spike indicates increased threat actor attention—often associated with the reconnaissance phase of the cyber kill chain.

HackNotice began storing Spikes historically on March 6th, 2024.

5. Hack Timeline

Shows all historical breach events and security incidents (Breaches) associated with the vendor.

For each event, you’ll see:

• Event Date

• Breach Summary

• Exposed information categories

• Source type and links to original reporting

• Hacker Threats

• Security Recovery steps

Click any breach entry to view the full breach event, including contextual threat intelligence and supporting sources.

6. Threat Factor (Dark Web Exposure Score)

The Threat Factor score is a quantifiable dark web exposure risk score designed to assess the vendor’s susceptibility to:

• Social engineering

• Account takeover

• Password-driven compromise

How It Works

• HackNotice normalizes leaked record counts and historical Breaches per 1,000 employees.

• It compares these values against industry averages according to the vendor’s NAICS code.

• A score of 1.00 means the vendor matches its industry average.

• Scores below 1.00 indicate lower-than-average exposure risk.

• Scores above 1.00 indicate higher-than-average exposure risk.

Threat Factor has been publicly available since March 6th, 2024 and updates twice daily.

Vendor Breach Alerts (Business → Third Party → Timeline)

The Third Party Timeline shows all breach events (Breaches) affecting your monitored vendors in chronological order.

Key Elements

• Event Date – When HackNotice ingested and published the alert

• Domain – The company affected

• Description – Linked summary of the event, sources, and exposed information

New breach events:

• Generate an immediate alert

• Appear at the top of the timeline

• Are fully available through the HackNotice API for automated ingestion

Timeline Filters & Sorting

Use the filter options at the top of the timeline to filter results by threat actor, industry, region, tier, tag, sourcetype, or date range. You can also filter the timeline to be sorted by Event Date (date of the breach) or Alert Date (date of the HackNotice alert). Check the 'Filters' box to view all available filters and sorting.

To save a set of applied filters, enter a 'Saved Search' name into the 'Search Name' box and press 'Save Search' after your filter and sort options are applied. You can access your Saved Searches any time by using the 'Saved Search' drop down at the top right of the page.

Operational Dashboard (Business → Third Party → Dashboard)

The operational Third Party Dashboard provides a managerial, high-level view of breach and ransomware trends across your monitored vendors.

Dashboard Elements

• Third Parties with Alerts – Vendors ranked by historical breach volume

• Third Parties with Spikes – Vendors currently experiencing threat-intelligence-verified exposure spikes

• Ransomware Gangs – The ransomware groups most active across your vendor ecosystem

This dashboard is ideal for technical reporting. For the strategic/graphical Third Party Dashboard, navigate to Dashboards → Third Party Dashboard (reference article).

Company Profile Look Up (Business → Third Party → Companies)

The Companies page is a searchable directory of all organizations in the HackNotice ecosystem. You can search by:

• Domain

• Company Name

Be sure to select drop down at the top left of the page according to your search type.

This page is useful for vendor onboarding, quick reviews, and broad industry benchmarking.

Use Cases

Vendor Onboarding / Review

• Type any domain into the search bar to see if HackNotice already tracks the vendor.

• Switch to Search: Name to search by company name.

Global Breach Trend Analysis

Apply filters for:

• Industry (based on NAICS codes)

• Employee count

• Revenue range

Then sort by Most Recent Breach to explore industry-wide incident patterns.

Finding New Vendors to Monitor

• Use filters or sorting (e.g., Most Popular) to discover commonly monitored or high-risk vendors.

• Click the + icon to add a vendor to your Watchlist.

• A checkmark means the vendor is already being monitored.

Third Party Q&A

How long does it take for a new vendor profile to appear?

HackNotice processes new third-party watchlist items roughly every 90 minutes, and never longer than three hours.
If the company already exists in our Companies Dataset, reports are available instantly.

You can always search directly in All Hacks to retrieve historical breach events immediately.

How far back does the breach data go?

HackNotice began collecting events in 2018, but some sources go back as far as 2001.
Events are most reliable from 2018 onward.

Do events ever expire or get removed?

No. Breach events remain in our platform permanently and are never removed.

How often are organizations re-checked for new events?

Continuously throughout the day.
HackNotice ingests new potential events from hundreds of sources daily and:

• Adds new breach events for monitored vendors

• Updates existing events when new sources are identified

• Generates alerts for any new findings tied to your Watchlist

Summary

The Third Party Service gives you continuous visibility into the breach activity, dark web exposure, risk posture, and ransomware targeting of the vendors you rely on. With Watchlist monitoring, Company Profiles, Timeline visibility, and dashboards like the Global Breaches Dashboard, Ransomware Dashboard, and Strategic Third Party Dashboard, your organization can proactively manage third-party risk and stay ahead of supply-chain threats.