When most of us think of our vendors handling sensitive information, we tend to gravitate toward the obvious: the payroll processing company, our contracts law firm, our accounting firm with our financial data, or the patent law firm with all our intellectual property. Frankly, the company that builds and maintains the company website isn’t typically top of mind.
Ask the Australian Red Cross if they agree.
Earlier this week, the Australian Red Cross Blood Service reported that over a half million donor records had been compromised by a third-party web development company:
"We learned that a file, containing donor information, which was located on a development website, was left unsecured by a contracted third party who develops and maintains our website."
Was the exposed data sensitive? A little.
“The breach meant 550,000 citizens… had private information such as their address, contact details, blood type and details of previous donations posted online by an ‘unauthorized person.’
The information compromised also includes whether or not the individual had taken drugs or engaged in "at-risk sexual behavior" such as…”
You get the idea…
Sensitive data is everywhere, and it’s impossible to do business today without trusting vendors with it. Some of those vendors are multinational companies with massive data security budgets and staffs… and some build websites out of strip-mall offices. Your business has to protect your sensitive data – as well as that of your customers – in either case.
It’s an unavoidable and growing challenge that requires the right expertise and tools.
We have both.