The food delivery service alerted people to “unusual activity involving a third-party service provider” resulting in unauthorized third-party access to user data. While any number of companies have been through this drill before, this latest data incident serves as a reminder that not only do companies need to mind their own cyber-security—they also need to keep an eye on the data protection practices of their third-party vendors.
“Attackers don’t always use the front door to acquire data from an organization,” observed Jose Ramos, a senior principal consultant at ACA Aponix. Instead, bad actors “often look for the weakest link,” he continued. “Many times, this is a provider who has access to sensitive data.”
Indeed, those third parties might be even more alluring to cyber-criminals than their well-secured customers are. “Hackers know they can maximize their investment of time and exploits by targeting vendors, because one successful vendor hack can provide access to a range of clients as to which the vendor has sensitive access or data,” explained Luke Dembosky, a partner at the law firm Debevoise & Plimpton and co-chair of its cyber…