Likelihood: HIGH
Impact: VERY HIGH
Treatment: MITIGATE
Confidence: Moderate
Likelihood is high for any organization that installed elementary-data v0.23.3: the malicious payload was delivered through a legitimate, signed release pipeline — no anomaly detection or checksum verification would have flagged it, and with 1.1 million monthly downloads the install base is broad. Impact is very_high because the infostealer specifically targets cloud credentials (AWS, GCP, Azure), SSH keys, and CI/CD secrets from build environments, meaning a single compromised pipeline host can yield lateral movement across an entire cloud estate with no further attacker action required.
Treatment rationale: The threat is active, the blast radius is confirmed (cloud credentials + CI/CD secrets), and the attack vector is already inside the build pipeline — immediate credential rotation, version rollback, and pipeline isolation are the only options that reduce realized loss; transfer or acceptance are not viable at this risk level.
Third-Party / Supply-Chain Risk
elementary-data is a third-party PyPI dependency embedded in data and analytics pipelines across organizations that did not author or control the compromised package or its CI/CD infrastructure. The attack exploited the GitHub Actions pipeline and GitHub Container Registry (ghcr.io/elementary-data/elementary) — both shared platforms — meaning organizations inherited a supply-chain compromise without any vulnerability in their own code. Per NIST SP 800-161, any organization that consumed this package or pulled the associated container image must be treated as a potentially compromised downstream acquirer. Organizations using dbt ecosystem integrations face additional transitive exposure if elementary-data is a dependency of other tooling in their data stack.
Loss Exposure (illustrative)
Magnitude: high — illustrative $500K–$5M per exposed organization, scaling with cloud estate size and data sensitivity
Frequency: For any organization confirmed to have installed v0.23.3: this is a discrete, already-triggered event, not a probabilistic future exposure — the question is realized loss magnitude, not frequency. Illustratively treated as a single high-severity loss event with secondary frequency risk (follow-on ransomware, persistent access) if credentials are not rotated before attacker use.
Annualized: Insufficient basis for a meaningful ALE figure — this is a point-in-time supply-chain compromise with variable realized loss depending on whether the attacker used the credentials before detection and rotation. Illustrative single-event loss range of $500K–$5M is the more honest framing than an annualized figure.
Basis: Range derived from: (1) blast radius scoped to cloud credential sets and CI/CD secrets accessible from build environments — not limited to a single application; (2) potential loss categories include cloud resource abuse/destruction, data exfiltration response (forensics, notification, regulatory), pipeline rebuild and secret rotation costs, and operational downtime; (3) lower bound assumes rapid detection and credential rotation before attacker lateral movement; upper bound assumes attacker dwell time sufficient for data exfiltration or destructive action across cloud accounts. No external report figures cited.
Illustrative estimate — not actuarially derived.
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• Cloud credential exfiltration enabling unauthorized access to data stores containing PII or regulated data may invoke state and federal breach-notification obligations — verify with counsel.
• Confirmed or suspected compromise of CI/CD secrets and cloud credentials may trigger cyber-insurance notice obligations under policy reporting windows — verify with broker.
• If cloud environments accessed via stolen credentials are shared with or process data on behalf of customers or partners, downstream contractual breach-notification or incident-reporting clauses may be triggered — verify with counsel.
• Exfiltration of credentials providing access to systems in scope for PCI-DSS, HIPAA, or SOC 2 may invoke regulatory and audit reporting requirements — verify with counsel.
