August 27, 2020//Tori Taylor
Last Updated: April 18, 2022The past few years have been filled with third-party data breaches, cyberattacks, and unauthorized access. With all of these cyberattacks happening, it seems like there’s a new company making headlines for it each and every day. Let’s take a look at some third-party data breaches that broke headlines around the world.
A third-party data breach occurs when sensitive information is stolen from a third-party vendor or when the third party's systems are used to access the data. Third-party data breaches are increasingly common in today's interconnected economy.
In 2017, Select Restaurants left customers’ sensitive information – including name, card number, expiration date, and CVV– on the table. The company, which manages 12 seafood restaurants across the US, was alerted to the hack by their point of sale (POS) vendor. Further investigation showed a data breach across all the restaurant locations, stemming from a third-party network intrusion. According to Upserve’s comprehensive list of compromised restaurants, cyberattacks on vendors and POS systems are quite common in the restaurant industry because these systems aren’t as secure as they could, or should, be.
In early 2018, an unnamed utility company was fined $2.7 million for leaving 30,000 records about its information security assets exposed online for 70 days back in 2016. Months later, it was released that this company was Pacific Gas & Electric Company (PG&E). According to Data Breach Today, this breach happened after a third-party vendor had improperly copied data from the utility network to their own network.
In June 2019, both LabCorp and Quest Diagnostics experienced third-party data breaches that exposed 7.7 million and 11.9 million records, respectively. Included in the third-party data breach were names, date of birth, address, phone number, date of service, and more, according to TechCrunch, and ranged from August 2018 until March 2019. Both data breaches were caused by a hacker that gained access to American Medical Collection Agency’s (AMCA) system, which is a third-party vendor that the two companies have in common.
2020 was also a wild year in terms of life in general. From the Coronavirus pandemic, to killer hornets, to sports being played in a bubble– it might seem like third-party data breaches have taken the backseat. That, sadly, isn’t the case. Though we’re all feeling fatigued when it comes to headlines and continued news, hackers aren’t going to sit back and wait for a more convenient time to steal data. The bar exam (the test that you have to take in order to become a lawyer) has crashed and also been hacked, people are worried about voting in elections, and you’ve probably received a couple of letters in the mail about a data breach that happened– but don’t worry, they’re offering you free credit monitoring. Usually, that move is too little, too late.
These events highlight the multitude of third-party data breaches that occur every day, which leads us to ask this question– how secure is your data, especially when it comes to your third-party vendor access?
Have you considered the consequences of becoming susceptible to a third-party data breach or ransomware attack?
Data breaches that stem from third parties, vendors, or contractors are on the rise. In fact, the increase in third-party data breaches is due to the industrialization of the cybercriminal ecosystem and innovations such as ransomware, which makes cybercrime much more profitable and easier to carry out. Plus, the tools used for remote access, like virtual private networks (VPNs), aren’t properly secured to keep your network (and your company) safe from bad actors.
The biggest issue with any data breach is that it doesn’t just affect your company monetarily. You have to also consider the other risks, like:
A lot of companies focus their efforts on ensuring that their internal employees are educated and understand the importance of not clicking on links in emails, changing passwords every 90 days, and not sharing passwords. But, when we don’t consider the same education and importance for external users that have network access, we leave ourselves open to the possibility that a bad actor uses that as a way to get into your network.
And this isn’t hypothetical. It happens, and it happens a lot. Let’s look at three ways you can keep your data secure from third-party data breaches:
Without clear visibility into remote networks and third-party systems, it can be hard to know if a current or potential vendor may be compromised or vulnerable to a third-party data breach.
You need to be able to identify possible red flags so you can take steps to protect your network from cyberattacks and other threats to your data.
Interested to learn more about how to keep your data, your company, and your reputation safe from third-party data breaches? Download our helpful and interactive checklist that highlights the top ways to identify a vulnerable vendor.