Read why Joseph J. Lazzarotti says that third-party vendors pose a definitive data breach risk on Lexology :
According to reports, bank customers in Australia (yes, data breach notification requirements exist down under) have been affected by “an industry-wide” data breach experienced by a third-party service provider to the banks – property valuation firm, LandMark White. As expected, the banks are investigating and in some cases notifying customers about the incident. However, there are reports that some of the affected banks are suspending this vendor from the group of valuation firms they use. This is not an unusual reaction by organizations whose third party service providers have or are believed to have caused a data breach affecting the organization’s customers, patients, students, employees, etc. But, it is worth thinking about whether that is the best course of action.
Read his full article here.