Supply Chain Cyberattacks in the U.S. Surge from 2021 to 2025, New Data Reveals
A recent report from the Identity Theft Resource Center (ITRC), published on January 23, 2026, highlights a sharp rise in supply chain cyberattacks impacting U.S. entities between 2021 and 2025. The data, compiled by Statista, tracks the annual number of organizations affected by these attacks, underscoring the growing threat to third-party vendors and interconnected digital ecosystems.
While the full dataset requires a premium Statista account, the findings reflect a broader trend: supply chain attacks have become a preferred vector for cybercriminals, exploiting vulnerabilities in software providers, service vendors, and other trusted partners to compromise multiple downstream targets. The ITRC’s analysis suggests that as reliance on third-party solutions increases, so does the attack surface for organizations across sectors from healthcare and finance to technology and logistics.
The report serves as a benchmark for assessing the scale of supply chain risks, though specific figures on the number of impacted entities remain restricted to paid subscribers. The data was last accessed on March 23, 2026, and is part of Statista’s broader repository of cybersecurity and threat intelligence metrics.
Identity Theft Resource Center - Nonprofit cybersecurity rating report: https://www.rankiteo.com/company/idtheftcenter
Statista cybersecurity rating report: https://www.rankiteo.com/company/statista
"id": "IDTSTA1774247265",
"linkid": "idtheftcenter, statista",
"type": "Cyber Attack",
"date": "1/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': ['Healthcare',
'Finance',
'Technology',
'Logistics'],
'location': 'U.S.'}],
'attack_vector': 'Third-party vendors, software providers, service vendors',
'date_publicly_disclosed': '2026-01-23',
'description': 'A report from the Identity Theft Resource Center (ITRC) '
'highlights a sharp rise in supply chain cyberattacks '
'impacting U.S. entities between 2021 and 2025, compiled by '
'Statista. Supply chain attacks have become a preferred vector '
'for cybercriminals, exploiting vulnerabilities in software '
'providers, service vendors, and trusted partners to '
'compromise multiple downstream targets across sectors like '
'healthcare, finance, technology, and logistics.',
'references': [{'date_accessed': '2026-03-23',
'source': 'Identity Theft Resource Center (ITRC)'},
{'date_accessed': '2026-03-23', 'source': 'Statista'}],
'title': 'Supply Chain Cyberattacks Surge in the U.S. (2021-2025)',
'type': 'Supply Chain Attack'}