Third-Party Breaches Only Getting Worse

It’s common for retailers today to work with third-party partners to offer and deliver goods and services when and how their customers want them. But you still must cover your own bases, especially when it comes to matters of data security.

North Country Business Products reported a data security incident that may have allowed unauthorized access to consumers’ credit or debit card information. The company handles payment operations for many hotels and food establishments, including Holiday Inn, Dunn Brothers Coffee and Zipps Sports Grill.

An investigation revealed that point-of-sale (POS) malware provided hackers with unauthorized access to the company’s business partners through their payment systems, exposing cardholder names, credit card numbers, expiration dates, and CVVs.

Third-party data breaches, like the North Country Business Products breach above, are becoming much too common as evidenced by Ponemon Institute study, which found that 59% of companies surveyed said they have experienced a data breach caused by their vendors or third parties.

Of the more than 1,000 CISOs and other security and risk professionals surveyed across the U.S. and U.K., the majority of those surveyed report that the third-party landscape has gotten increasingly complex as companies are becoming more reliant on these vendors. The research also found “that 22% of respondents admitted they didn’t know if they had a third-party data breach during the past 12 months, and more than three-quarters of companies think third-party cybersecurity breaches are increasing.”

Another startling discovery was that companies share confidential and sensitive information with around 583 third parties. That’s a lot of opportunities for hackers to steal personal data.

Having greater visibility into your organization’s sensitive data helps you to establish new data privacy compliance and transparency levels when integrating with third parties. Spirion has the solution for simplifying your organization’s data protection security challenges. Spirion’s Spyglass Executive Dashboard provides you with visibility into broken security processes and manages risks before they become breaches. With Data Lifecycle Management your team can eliminate unauthorized access to PII data by encrypting, shredding, redacting or quarantining the unsecured files.

Let Spirion help you make the most of your third-party relationships while protecting your customers’ sensitive data. Request a Demo!