Over the weekend, NBC News reported that an online data breach at PIP Printing, caused by a 3rd-party IT vendor, leaked thousands of sensitive documents, ranging from labor filings including NFL players, to lawsuits against Hollywood studios, to personal immigration-related papers. Jeff Hill, Director of Product Management, at 3rd party risk management leader Prevalent (Warren, NJ) commented below.
Jeff Hill, Director of Product Management at Prevalent:
“The PIP episode highlights the multi-dimensional nature of today’s cyber threat environment. First, not only did it involve a 3rd party (PIP), but in reality, the vulnerability was attributable to a 4th party (the IT company responsible for PIP’s systems), illustrating the danger in today’s extended data supply chain. Second, the intrusion wasn’t discovered for 4 months, giving the attackers ample time to locate and extract the most sensitive – and in this case, salacious – data.
Third, the case exemplifies the importance of vendor diligence in the digital age for even what most would consider an innocuous sub-contractor, a printer. Finally, driven home here is the formerly quaint notion that sensitive information equals credit card numbers and phone numbers. Indeed, it’s a safe bet that the victims in the PIP breach would gladly trade a stolen credit card number that can easily be cancelled for the exposure of embarrassing details of a lawsuit deposition or sexual harassment claim.”
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
