Over the weekend, NBC News reported that an online data breach at PIP Printing, caused by a 3rd-party IT vendor, leaked thousands of sensitive documents, ranging from labor filings including NFL players, to lawsuits against Hollywood studios, to personal immigration-related papers. Jeff Hill, Director of Product Management, at 3rd party risk management leader Prevalent (Warren, NJ) commented below.
Jeff Hill, Director of Product Management at Prevalent:
“The PIP episode highlights the multi-dimensional nature of today’s cyber threat environment. First, not only did it involve a 3rd party (PIP), but in reality, the vulnerability was attributable to a 4th party (the IT company responsible for PIP’s systems), illustrating the danger in today’s extended data supply chain. Second, the intrusion wasn’t discovered for 4 months, giving the attackers ample time to locate and extract the most sensitive – and in this case, salacious – data.
Third, the case exemplifies the importance of vendor diligence in the digital age for even what most would consider an innocuous sub-contractor, a printer. Finally, driven home here is the formerly quaint notion that sensitive information equals credit card numbers and phone numbers. Indeed, it’s a safe bet that the victims in the PIP breach would gladly trade a stolen credit card number that can easily be cancelled for the exposure of embarrassing details of a lawsuit deposition or sexual harassment claim.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…