Third-Party Breaches Plague Multiple Industries
January 30, 2019 / Kacy Zurkus
From January 25 to 28, 2019, multiple organizations, including Discover Financial Services, Verity Medical Foundation, Verity Health Systems and Allen Chern LLP, have made routine filings in accordance with California state law, reporting cybersecurity incidents that may or may not be data breaches, according to the office of the Attorney General (AG). The AG’s website notes, “In some cases the organization that sent the notice is not the one that experienced the breach,” and each of the companies that have filed in the past five days has asserted the information was compromised as a result of some unauthorized activity of a third-party vendor. “Discover was not breached in this incident and our information and data systems were not compromised. This incident was the result of a merchant data compromise, and not the result of any action by Discover or an intrusion of our customer information systems,” a Discover spokesperson wrote in an email.