.png)
Vendor Transparency
Seven Years. Five Major Outages. Wells Fargo Still Calls It "Routine Maintenance."
A multi-year audit of Wells Fargo's outage history reveals a repeating pattern: power-related infrastructure failures, opaque communication, and prolonged customer impact framed as "routine maintenance." For boards and PE sponsors, the lesson is not that Wells Fargo has IT problems. It is that operational resilience is a structural cyber risk that shows up in patterns, not single events — and that vendor communication language is its own audit-grade signal of governance health.
275 Million Users Exposed. 8,809 Schools Down. Instructure Calls It "Scheduled Maintenance."
On May 7, 2026, Instructure replaced an active ShinyHunters ransom message on Canvas with a fake “scheduled maintenance” page during finals week at 8,809 schools. This is the third Instructure breach in eight months — a pattern of failed customer service, failed honesty, and failed integrity that, when academic institutions depend on you, crosses into criminal dereliction of duty.
Frost Bank and the New Vendor-Risk Reality
A vendor incident may begin outside your walls, but customers, regulators, and plaintiffs experience the outcome as your breach. Frost Bank is a timely reminder that third-party risk is now first-party accountability.