Recent breaches and the IGA gaps teams keep missing


(@nhi-mgmt-group)

TL;DR: A review of ten major 2023 to 2025 breaches found recurring identity failures, including stale credentials, missing MFA, over-privileged accounts, and weak third-party access, with the incidents collectively affecting over 700 million people and costing billions, according to Opal Security. The pattern shows governance gaps, not novel exploits, are still driving large-scale compromise.

NHIMG editorial — based on content published by Opal Security: 10 Recent Breaches that Could Have been Prevented with Modern IGA

By the numbers:

Questions worth separating out

Q: What breaks when access reviews are only treated as an audit exercise?

A: Access reviews fail when they do not lead to revocation, scope reduction, or ownership correction.

Q: Why do third-party accounts create disproportionate breach risk?

A: Third-party accounts often connect external operators directly to production systems, support tools, or sensitive data with wider scope than internal users need.

Q: How do organisations know whether credential governance is actually working?

A: Credential governance is working when exposed, stale, or unused secrets are discovered quickly and removed before they become active risk.

Practitioner guidance

  • Audit all standing credentials and service accounts: Prioritise remote access portals, support tooling, OAuth apps, and contractor accounts.
  • Enforce MFA on every production access path: Include legacy portals, acquired systems, help desk resets, and third-party access channels.
  • Segment vendor access by task and entitlement: Give outsourced teams only the fields, systems, and durations required for the job.

What's in the full article

Opal Security's full article covers the operational detail this post intentionally leaves for the source:

  • Per-breach root cause notes across all ten incidents, including which access control failed in each case.
  • The specific IGA capabilities Opal maps to each breach pattern, including access reviews, JIT access, and policy enforcement.
  • The full breakdown of third-party access failures, support desk abuse, and legacy system exposure across the cases.
  • The article's own breach-by-breach remediation mapping for teams building an identity governance programme.

👉 Read Opal Security's review of 10 breaches preventable with modern IGA →
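
The three practitioner checks above, run over an identity inventory. This is an added example, not code from Opal Security or NHIMG. The inventory is constructed, and the field names, surface labels and 90-day staleness threshold are assumptions.

```python
from datetime import date, timedelta

STALE_AFTER = timedelta(days=90)  # assumed threshold; tune to your rotation policy
# Surfaces the guidance says to prioritise (labels are hypothetical)
PRIORITY = {"remote_access", "support_tooling", "oauth_app", "contractor"}

def ident(name, surface, owner, interactive, third_party, mfa, last_used, expires=None):
    return dict(id=name, surface=surface, owner=owner, interactive=interactive,
                third_party=third_party, mfa=mfa, last_used=last_used, expires=expires)

# Constructed inventory of identities with production access (not real data).
INVENTORY = [
    ident("vpn-portal-jdoe", "remote_access", "it-ops", True, False, False, date(2025, 5, 28)),
    ident("svc-legacy-export", "internal_batch", None, False, False, False, date(2024, 11, 2)),
    ident("bpo-helpdesk-17", "support_tooling", "vendor-mgmt", True, True, True, date(2025, 5, 30)),
    ident("oauth-crm-sync", "oauth_app", "sales-eng", False, False, False, None),
    ident("alice", "internal", "eng", True, False, True, date(2025, 5, 31)),
]

def findings(e, today):
    """Return the governance gaps for one identity as a list of labels."""
    out = []
    # Never used, or unused past the threshold: candidate for revocation.
    if e["last_used"] is None or today - e["last_used"] > STALE_AFTER:
        out.append("stale")
    # No accountable owner means no one can certify or revoke it in a review.
    if e["owner"] is None:
        out.append("no-owner")
    # MFA applies to interactive logins; service identities are skipped here.
    if e["interactive"] and not e["mfa"]:
        out.append("prod-without-mfa")
    # Vendor access with no end date is standing access, not task-scoped.
    if e["third_party"] and e["expires"] is None:
        out.append("vendor-standing-access")
    return out

def audit(inventory, today):
    """List (id, findings) for flagged identities, priority surfaces first."""
    flagged = [(e, findings(e, today)) for e in inventory]
    flagged = [(e, f) for e, f in flagged if f]
    flagged.sort(key=lambda p: (p[0]["surface"] not in PRIORITY, -len(p[1]), p[0]["id"]))
    return [(e["id"], f) for e, f in flagged]

if __name__ == "__main__":
    for ident_id, gaps in audit(INVENTORY, date(2025, 6, 1)):
        print(f"{ident_id}: {', '.join(gaps)}")
```

Each label maps to an action a review should produce: revoke, assign an owner, enrol in MFA, or set an expiry.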
