What’s worse than a vendor that suffers a data breach that exposes your sensitive customer information? The answer: A vendor that waits almost six months to tell you about it.

That’s the issue that both Sears and Delta Air Lines are facing after a malware attack on each of the companies’ online chat services vendors. Hundreds of thousands of customers’ payment information was accessed, including payment card account numbers, expiration dates, names, and addresses, reports Gizmodo. Sears and Delta weren’t made aware of the breach, which happened in September 2017 and took two weeks to contain, until mid-March of this year.

That’s not just inconsiderate. It can also create legal issues. Several states, including Massachusetts and California, have strict timelines for notifying consumers when data is accessed by unauthorized parties. This is especially true for sensitive data like account and Social Security numbers. An institution needs to know about a breach as soon as possible so it can follow notification protocol. Just because an institution doesn’t have a brick-and-mortar presence in another state doesn’t mean it’s exempt from those rules. It needs to follow the notification laws where a customer resides.

As hackers and cybercriminals become more inventive (see the casino that was hacked through its Internet-connected “smart” thermometer), data breaches are becoming increasingly common. Third-party vendors remain a viable entry point for those looking to steal sensitive information. This is why having a plan for dealing with vendor data breaches before they happen is essential. Another essential part of an effective strategy is to structure agreements with vendors to ensure that you’re notified in a timely fashion.

Regulators don’t distinguish between your actions and the actions of your vendors. Vendor breaches create a unique set of issues that require attention. Make sure your vendor is required to notify you promptly of any breach so that you can take action.
