When officials at retailer Target Corp. investigated the 2013 data theft that affected up to 70 million individuals, they discovered the retailer’s electronic connection with a provider of heating and air conditioning services likely played a big role in the breach.
As Target’s experience shows, organizations’ connections with third parties, including those far removed from sensitive data, can trigger potentially crippling security compromises. The growing group of companies whose data security policies were breached via a connection with service providers includes AT&T, Goodwill Industries, and many others. Indeed, a report by PwC links current and former service providers to one-third of all data security incidents.
