
The Weekly Breach Breakdown: Chances Are – 98 Percent of Firms Impacted by Third-Party Data Breaches

03/03/2023

  • Sixty-six (66) percent of all data breach notices in 2022 did not include details about the attack or the number of victims impacted. This comes at a time when third-party data breaches are on the rise.
  • The number of supply chain attacks tracked by the Identity Theft Resource Center (ITRC) in 2023 is already 40 percent of 2022’s total.
  • A new report by Cyentia Institute found that 98 percent of firms had at least one third-party vendor that suffered a data breach. When you look at fourth-party relationships (a vendor's vendors), the number jumps to 200 organizations that have had a data compromise.
  • Whether or not a company will be informed of a third-party data breach depends on its service agreements and the state where the company is located. Most state laws do not require that businesses be alerted when their information is compromised by a third-party data breach.
  • To learn about data compromises, consumers and businesses should visit the ITRC’s improved data breach tracking tool, notified. Later this month, the ITRC will also launch a beta test of a new service for businesses who want to ensure they receive a notice when a data breach is entered into the ITRC’s data compromise database.
  • If you believe you are the victim of an identity crime, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website, idtheftcenter.org.

Chances Are

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for March 3, 2023. Each week, we look at the most recent events and trends related to data security and privacy. This week, we focus on third-party data breaches and their impact on businesses. We will start the conversation by turning to a time-worn phrase (or a Nat King Cole song if you prefer) to discuss the spike in supply chain attacks. Here’s where the phrase (or song title) comes in: “Chances Are…” you do business with a vendor who has had a data breach, but did they tell you?

Less Information Included in Data Breach Notices

We have discussed how fewer companies include actionable information in data breach notices unless they are required to do so by state law. That’s if they issue a data breach notice at all. Sixty-six (66) percent of all data breach notices in 2022 did not include details of the attack and the number of victims impacted.

Supply Chain Attacks on the Rise

This comes at a time when the number of third-party data breaches is increasing. It means more businesses are having their data compromised – but not by a direct attack. Instead, cybercriminals are attacking single entities in a supply chain to gain access to the data of multiple organizations.

The number of supply chain attacks tracked by the ITRC so far in 2023 is already 40 percent of 2022’s total after just two months. If you are an average-sized business, what are the chances you do business with a third-party vendor who has had a data breach?

New Report Shows Most Firms Impacted by Third-Party Data Breach

It’s a virtual certainty based on a survey of 230,000 organizations worldwide. The Cyentia Institute found that 98 percent of firms had at least one third-party vendor that suffered a data breach. When you look at fourth-party relationships – your vendors’ vendors – the number jumps to 200 organizations that have had a data compromise with relationships to your average company.

Will You Be Informed of a Third-Party Data Breach?

Whether you are informed depends on how good your lawyers were when they wrote your service agreements or the state where your business is located. If you have a clause that requires you to be notified of a breach at a vendor or a vendor’s vendor, you may be covered. However, most state laws do not require businesses to be alerted when their information is compromised in a third-party data breach. 

Why is this important? The current trend of states passing comprehensive privacy laws like California’s often means businesses governed by a new law must certify they have good cyber protection. So must their vendors, which, based on the latest research, may not have it.

ITRC Breach Alert for Business Coming Soon

Later this month, the ITRC will launch a beta test of a new service for businesses who want to ensure they receive a notice when a data breach is entered into the ITRC’s data compromise database. Stay tuned for more details.

Contact the ITRC

If you want to know more about how to protect your personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

We’ve posted a lot of great podcast content in the past few weeks, from our 2022 Annual Data Breach Report to five podcasts and a webinar produced in cooperation with the Federal Trade Commission for Identity Theft Awareness Week. Give them a listen. We will be back next week with another episode of the Weekly Breach Breakdown.
