Outsourcing leads to 18-month-long data breach

Using outside vendors to help manage systems is a way of life for many companies. But a recent data breach shows this practice could put companies and their customers at serious risk. 

Early attention in a credit card breach at Goodwill Industries focused on point-of-sale (POS) systems as a likely culprit. The breach affected an unknown number of customers and store locations in 21 states.

And sure enough, the third-party vendor of the POS recently confirmed this was the case. But that wasn’t all it revealed.

An ongoing threat

In addition to the breach of Goodwill’s payment card data, the vendor also announced that:

  • two other as-yet-unnamed companies were breached
  • data was accessed by attackers from February of 2013 until August of 2014, and
  • there have already been attempts to use some of the payment cards from the breach.

The malware responsible was, tellingly, named infostealer.rawpos: it steals the data as it’s entered into the systems.

Vendor security matters

Vendors are in place to make your life easier, providing expertise and security you can’t always achieve on your own, at a cost that you may not be able to replicate in-house.

But their security blunders can wind up costing you in money, reputation or other ways.

Here are keys to managing the risk vendors can introduce.

  • Get basic security info. Most vendors will refuse to divulge all their protections. But if they won’t answer any questions, or answer only with PR-style buzzwords, it could be time to be skeptical.
  • Consult with current customers. It’s a good idea to do deep research on potential vendors, but that won’t reveal everything. Smaller breaches or security missteps might never make it into the public eye. Try getting references from current customers to verify the vendor’s security claims.
  • Stay on top of it. If a current vendor has already met your security preferences, don’t stop there. Regular surveys of vendors on their security practices can help you keep abreast of any changes they’ve made, for better or for worse.

