3rd Party Data Breach At PIP Printing Leaks Thousands Of Sensitive Documents

Over the weekend, NBC News reported that an online data breach at PIP Printing, caused by a 3rd-party IT vendor, leaked thousands of sensitive documents, ranging from labor filings including NFL players, to lawsuits against Hollywood studios, to personal immigration-related papers. Jeff Hill, Director of Product Management, at 3rd party risk management leader Prevalent (Warren, NJ) commented below.

Jeff Hill, Director of Product Management at Prevalent:

jeff-hill“The PIP episode highlights the multi-dimensional nature of today’s cyber threat environment.  First, not only did it involve a 3rd party (PIP), but in reality, the vulnerability was attributable to a 4th party (the IT company responsible for PIP’s systems), illustrating the danger in today’s extended data supply chain.  Second, the intrusion wasn’t discovered for 4 months, giving the attackers ample time to locate and extract the most sensitive – and in this case, salacious – data.

Third, the case exemplifies the importance of vendor diligence in the digital age for even what most would consider an innocuous sub-contractor, a printer.  Finally, driven home here is the formerly quaint notion that sensitive information equals credit card numbers and phone numbers.   Indeed, it’s a safe bet that the victims in the PIP breach would gladly trade a stolen credit card number that can easily be cancelled for the exposure of embarrassing details of a lawsuit deposition or sexual harassment claim.”

Information Security Buzz