3rd Party Data Breach At PIP Printing Leaks Thousands Of Sensitive Documents

Over the weekend, NBC News reported that an online data breach at PIP Printing, caused by a 3rd-party IT vendor, leaked thousands of sensitive documents, ranging from labor filings including NFL players, to lawsuits against Hollywood studios, to personal immigration-related papers. Jeff Hill, Director of Product Management, at 3rd party risk management leader Prevalent (Warren, NJ) commented below.

Jeff Hill, Director of Product Management at Prevalent:

jeff-hill“The PIP episode highlights the multi-dimensional nature of today’s cyber threat environment.  First, not only did it involve a 3rd party (PIP), but in reality, the vulnerability was attributable to a 4th party (the IT company responsible for PIP’s systems), illustrating the danger in today’s extended data supply chain.  Second, the intrusion wasn’t discovered for 4 months, giving the attackers ample time to locate and extract the most sensitive – and in this case, salacious – data.

Third, the case exemplifies the importance of vendor diligence in the digital age for even what most would consider an innocuous sub-contractor, a printer.  Finally, driven home here is the formerly quaint notion that sensitive information equals credit card numbers and phone numbers.   Indeed, it’s a safe bet that the victims in the PIP breach would gladly trade a stolen credit card number that can easily be cancelled for the exposure of embarrassing details of a lawsuit deposition or sexual harassment claim.”

Experts Comments

Stay Tuned! Our Information Security Experts Community is responding .....

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.