Introduction
HackNotice’s Third Party Service provides continuous, near real-time visibility into cyber incidents affecting the vendors, suppliers, data partners, and service providers your business depends on. By monitoring third-party breach activity and delivering enriched company profiles—including historical breaches, leaked data exposure, ransomware activity, adversary behavior insights, and the Ransomware Threat Factor—this service enables organizations to reduce supply chain risk and improve vendor governance.
In addition to monitoring, HackNotice helps teams take action through automated and recurring vendor security assessments, allowing you to respond efficiently to vendor breaches and meet ongoing third-party risk and compliance requirements.
The service also incorporates Attack Heatmap insights, mapping observed adversary behavior to MITRE ATT&CK techniques, detection strategies, and mitigations—enabling teams to prioritize controls based on real-world threats targeting their vendors’ industries and regions.
For real-world examples of how customers use this service, review the Third Party Use Case Playbook (link).
To build automated, customized alerting workflows, see Tiered Alerts – Customized Alerts & Workflows (link).
Additional Third Party Service Resources:
Global Breaches Dashboard – Global data breach trends (article link)
Ransomware Dashboard – Global ransomware attack trends (article link)
Strategic Third Party Dashboard – Overview of monitored vendors (article link)
Attack Heatmap – Active TTP trends mapped to MITRE and control frameworks (article link)
Assessments – Security assessments and breach alert response assessments (article link)
Using the Third Party Service
Below are the key areas of the Third Party Service, accessible under Business → Third Party in the HackNotice UI.
Vendor Monitoring List (Business → Third Party → Watchlist)
Your Watchlist is where you add vendors you want to monitor.
Getting Started
- Add a vendor domain using the input field at the top of the page.
- You can also bulk import vendors through the HackNotice UI at Business → Account → Uploads.
- Vendors you add will appear in the Watchlist table.
- Click any domain name to open that vendor’s Company Profile.
(You can also visit our “Getting Started” guide here: link)
Company Profile Overview
Each monitored vendor includes a dynamic company profile that combines adversary intelligence, breach data, and industry-level threat trends to help you understand real-world risk exposure and prioritize action.
These profiles move beyond static risk scoring by incorporating active threat behavior, ransomware trends, and dark web intelligence.
1. Company Overview
Located at the top of the profile, this section provides key context about the organization:
- Domain and company name
- Industry classification
- Headquarters location
- Employee count (when available)
This establishes the baseline context used to compare the company against industry and regional threat trends.
Note: You can look up any company profile at any time, as often as you like, at Business → Third Party → Companies (more details below).
2. Ransomware Threat Factor
The Ransomware Threat Factor is HackNotice’s primary exposure score, designed to quantify a company’s risk of ransomware-related impact.
What It Measures
This score combines:
Historical breaches and leaked data exposure
Recent ransomware activity targeting the company’s industry and region
External threat pressure from active adversary behavior
How to Interpret It
Higher scores indicate increased likelihood of ransomware-related risk
Lower scores indicate comparatively lower exposure
Unlike traditional scoring models, this metric reflects both historical exposure and current threat activity, providing a more threat-oriented view of risk.
3. Risk Analysis (Dropdown)
The Risk Analysis section breaks down the components that contribute to the overall Threat Factor, giving visibility into why a company is considered high or low risk.
This includes:
Ransomware Threat Factor Trend – Overall exposure over time
Industry Threat Factor – Risk based on industry targeting trends
Region Threat Factor – Risk based on geographic targeting
Data Threat Factor – Risk driven by leaked data and breach history
Each component includes trend data and recent changes, allowing you to identify whether risk is increasing, decreasing, or stable.
4. Recent Security Events (Dropdown)
This section provides a consolidated view of confirmed security activity related to the vendor.
Includes:
- Historical breach alerts
  - Click into a breach to view the breach details.
- Detected breaches across the company’s third-party vendors (4th parties)
- Historical Spike events indicating surges in leaked data
This enables you to quickly assess:
Whether the vendor has been recently compromised
Whether risk is emerging through their supply chain
Whether threat actor activity is increasing
5. Redacted Research Records (Dropdown)
Displays the most recent dark web records associated with the company’s domains.
Key Characteristics:
Records are redacted for security
Shows recent activity from underground sources
Provides directional insight into active exposure
This helps validate whether a company is currently appearing in real adversary-controlled environments.
6. Ransomware Risk (Dropdown)
Provides insight into how ransomware actors are targeting this company’s environment.
Includes:
Recent ransomware activity within the company’s industry
Most active ransomware groups targeting that industry
Most active ransomware groups targeting the company’s region
This helps answer:
Is this company operating in a high-target industry?
Which threat actors are most relevant?
7. Attack Heatmap Insights (Dropdown)
This section connects observed threat activity to actionable security controls.
Displays:
Top attack techniques (TTPs)
Relevant MITRE ATT&CK techniques
Suggested detection strategies
Recommended mitigations
All insights are derived from the last 90 days of activity across the company’s industry and region.
This allows teams to:
Prioritize defenses based on real attacker behavior
Align security controls to current threats—not theoretical risks
8. Assessments & Standards (Dropdown)
This section bridges real-world threat activity with security and compliance frameworks, helping you translate attacker behavior into actionable assessment priorities.
Displays:
Top 3 control categories across:
- SIG Core
- SIG Lite
- NIST
- ISO 27001
Each category is mapped directly to the most relevant attack techniques (TTPs) identified in the Attack Heatmap Insights section over the last 90 days.
What It Shows:
- Which framework control areas are most critical based on current threat activity
- Where security gaps are most likely to exist
- Which assessment categories should carry more weight during vendor evaluations
How to Use It:
- Prioritize vendor questionnaire focus areas based on real attack trends
- Align assessments with controls that directly mitigate active threats
- Strengthen compliance efforts with threat-informed context
This allows teams to move from generic, checklist-based assessments to targeted, intelligence-driven evaluations aligned to how attackers are operating today.
9. Industry & Regional Threat Landscape (Dropdown)
Provides a macro view of how threat activity is evolving around the company.
Includes:
Breach trends within the company’s industry
Breach trends within the company’s geographic region
Percentage increases or decreases in activity
This helps you understand whether risk is:
Increasing across the ecosystem
Stabilizing
Declining
Company Profiles - Why This Matters
Company Profiles provide a real-time, evidence-based view of vendor risk, combining:
Historical breach data
Live ransomware intelligence
Dark web exposure
Adversary behavior trends
This enables security teams to move from static vendor assessments to continuous, intelligence-driven risk prioritization.
Vendor Breach Alerts (Business → Third Party → Timeline)
The Third Party Timeline shows all breach events (Breaches) affecting your monitored vendors in chronological order.
Key Elements
Event Date – When HackNotice ingested and published the alert
Domain – The company affected
Description – Linked summary of the event, sources, and exposed information
New breach events:
Generate an immediate alert
Appear at the top of the timeline
Are fully available through the HackNotice API for automated ingestion
Timeline Filters & Sorting
Use the filter options at the top of the timeline to filter results by threat actor, industry, region, tier, tag, sourcetype, or date range. You can also sort the timeline by Event Date (date of the breach) or Alert Date (date of the HackNotice alert). Check the 'Filters' box to view all available filters and sorting options.
To save a set of applied filters, apply your filter and sort options, enter a name in the 'Search Name' box, and press 'Save Search'. You can access your Saved Searches at any time from the 'Saved Search' drop-down at the top right of the page.
Operational Dashboard (Business → Third Party → Dashboard)
For information on the strategic dashboard, please visit this link.
The operational Third Party Dashboard provides a managerial, high-level view of breach and ransomware trends across your monitored vendors.
Dashboard Elements
Third Parties with Alerts – Vendors ranked by historical breach volume
Third Parties with Spikes – Vendors currently experiencing threat-intelligence-verified exposure spikes
Ransomware Gangs – The ransomware groups most active across your vendor ecosystem
This dashboard is ideal for technical reporting. For the strategic/graphical Third Party Dashboard, navigate to Dashboards → Third Party Dashboard (reference article).
Company Profile Look Up (Business → Third Party → Companies)
The Companies page is a searchable directory of all organizations in the HackNotice ecosystem. You can search by:
Domain
Company Name
Be sure to set the drop-down at the top left of the page to match your search type.
This page is useful for vendor onboarding, quick reviews, and broad industry benchmarking.
Use Cases
Vendor Onboarding / Review
Type any domain into the search bar to see if HackNotice already tracks the vendor.
Switch to Search: Name to search by company name.
Global Breach Trend Analysis
Apply filters for:
Industry (based on NAICS codes)
Employee count
Revenue range
Then sort by Most Recent Breach to explore industry-wide incident patterns.
Finding New Vendors to Monitor
Use filters or sorting (e.g., Most Popular) to discover commonly monitored or high-risk vendors.
Click the + icon to add a vendor to your Watchlist.
A checkmark means the vendor is already being monitored.
Third Party Q&A
How long does it take for a new vendor profile to appear?
HackNotice processes new third-party watchlist items roughly every 90 minutes, and never longer than three hours.
If the company already exists in our Companies Dataset, reports are available instantly.
You can always search directly in All Hacks to retrieve historical breach events immediately.
How far back does the breach data go?
HackNotice began collecting events in 2018, but some sources go back as far as 2001.
Events are most reliable from 2018 onward.
Do events ever expire or get removed?
No. Breach events remain in our platform permanently and are never removed.
How often are organizations re-checked for new events?
Continuously throughout the day.
HackNotice ingests new potential events from hundreds of sources daily and:
Adds new breach events for monitored vendors
Updates existing events when new sources are identified
Generates alerts for any new findings tied to your Watchlist
Summary
The Third Party Service gives you continuous visibility into the breach activity, dark web exposure, risk posture, and ransomware targeting of the vendors you rely on. With Watchlist monitoring, Company Profiles, Timeline visibility, and dashboards like the Global Breaches Dashboard, Ransomware Dashboard, and Strategic Third Party Dashboard, your organization can proactively manage third-party risk and stay ahead of supply-chain threats.