When most of us think of our vendors handling sensitive information, we tend to gravitate toward the obvious: the payroll processing company, our contracts law firm, our accounting firm with our financial data, or the patent law firm with all our intellectual property. Frankly, the company that builds and maintains the company website isn’t typically top of mind.
Ask the Australian Red Cross if they agree.
Earlier this week, the Australian Red Cross Blood Service reported that over a half million donor records had been compromised by a third-party web development company:
“We learned that a file, containing donor information, which was located on a development website, was left unsecured by a contracted third party who develops and maintains our website.”
Was the exposed data sensitive? A little.
To wit:
“The breach meant 550,000 citizens… had private information such as their address, contact details, blood type and details of previous donations posted online by an ‘unauthorized person.’
The information compromised also includes whether or not the individual had taken drugs or engaged in “at-risk sexual behavior” such as…”
You get the idea…
Sensitive data is everywhere, and it’s impossible to do business today without trusting vendors with it. Some of those vendors are multi-national companies with massive data security budgets and staffs… and some build websites out of strip-mall offices. Your business has to protect your sensitive data – as well as that of your customers’ – in either case.
It’s an unavoidable and growing challenge that requires the right expertise and tools.
We have both.
Note de la rédaction : Ce billet a été publié à l'origine sur Prevalent.net. En octobre 2024, Mitratech a acquis l'entreprise Prevalent, spécialisée dans la gestion des risques pour les tiers et dotée d'une intelligence artificielle. Le contenu a depuis été mis à jour pour inclure des informations alignées sur nos offres de produits, les changements réglementaires et la conformité.
