Over the weekend, NBC News reported that an online data breach at PIP Printing, caused by a 3rd-party IT vendor, leaked thousands of sensitive documents, ranging from labor filings including NFL players, to lawsuits against Hollywood studios, to personal immigration-related papers. Jeff Hill, Director of Product Management at 3rd-party risk management leader Prevalent (Warren, NJ), commented below.
Jeff Hill, Director of Product Management at Prevalent:
“The PIP episode highlights the multi-dimensional nature of today’s cyber threat environment. First, not only did it involve a 3rd party (PIP), but in reality, the vulnerability was attributable to a 4th party (the IT company responsible for PIP’s systems), illustrating the danger in today’s extended data supply chain. Second, the intrusion wasn’t discovered for 4 months, giving the attackers ample time to locate and extract the most sensitive – and in this case, salacious – data.
Third, the case exemplifies the importance of vendor diligence in the digital age for even what most would consider an innocuous sub-contractor, a printer. Finally, driven home here is the formerly quaint notion that sensitive information equals credit card numbers and phone numbers. Indeed, it’s a safe bet that the victims in the PIP breach would gladly trade a stolen credit card number that can easily be cancelled for the exposure of embarrassing details of a lawsuit deposition or sexual harassment claim.”