
Should I hold my breath ...
... until they report themselves to ICO?
IT gear distributor Tech Data is the latest company to expose an insecure database, jam-packed with personal and sensitive information, to the public internet for anyone to rifle through. A team at network security outfit vpnMentor was scanning cyberspace as part of a web-mapping project when they happened upon a Graylog …
"your (lowest cost) subcontractor"
Stop pretending the expensive commissions you pay to third party sales people, management or shareholders will somehow result in better quality while they continue to use the cheapest resources available.
Your suppliers will meet their contractual obligations. Experienced suppliers already have the get out of jail clauses included in the contracts. If your contracts don't clearly specify responsibility and how risk/damages will be assigned in the event of data loss, your company probably carries a significant proportion of the third parties' risk.
"Experienced suppliers already have the get out of jail clauses included in the contracts."
They may mitigate civil damages by passing them on to the customer, but they can't override statutory requirements, which will include criminal liability. In more enlightened jurisdictions, consumer rights are also likely covered by statute; B2B less so.
I work for a large corporate company. They got hit by ransomware a while ago. Too big for their boots and too many idiots working in IT, probably the same impact from this scenario. When I did server and network admin in-house, I nailed everything to the floor: you got nothing unless you gave me a great reason for wanting access to it. Written in stone is good, and signed by every pen pusher onsite.
What people don't understand is that this type of stuff is permanently up for sale on the darknet for anyone that wants it. Netflix accounts, database dumps, etc., etc. The fact this is known about is the unusual bit. This is only the tip of a very big iceberg that most people just don't know about. I don't have any interest in buying this stuff, I just noticed it all up for sale when I was investigating (cough) the darknet.