A security incident at the Pennsylvania Department of Corrections has compromised the personal information of a seemingly “vulnerable population”
Recently, Accreditation, Audit, and Risk Management Security LLC, an online systems vendor for the Pennsylvania Department of Corrections, suffered a data breach that exposed the Personally Identifiable Information (PII) – including names, Social Security Numbers, medical information, and driver’s license numbers – of up to 13,000 inmates and 700 corrections employees. According to the Pennsylvania Department of Corrections, there have not been any reports of the exposed PII being misused. However, the actual repercussions of this breach may extend beyond identity theft and fraud.
When you think about a “vulnerable population,” the first thing that pops into your head might be the elderly. Everyone has heard stories of phone calls that use scare tactics to solicit cash from the elderly, or of emails supposedly from a long-lost relative needing money. Rarely do you think about inmates or corrections officers inside prisons, but WJAC’s reporting on this breach sheds light on this class of people.
The affected inmates are a vulnerable population; they have limited access to communication mediums including the Internet, telephone, mail, and in-person visits. They also lack the monetary means necessary to mitigate their exposure to identity theft and fraud. Moreover, if impacted, inmates may not have access to credit upon release, leaving them with fewer resources to manage their life post-prison.
Likewise, corrections officers who have had their PII compromised are potentially vulnerable to blackmail, jeopardising the integrity of the justice system.
In both of these cases, the implications of third-party data breaches can extend far beyond identity theft.
Organisations need to take a hard look at their business relationships, especially the risk profile of their third-party vendors. Simply stated: the overall security of a company’s data and systems depends on the risk controls provided by its vendors.
DVV Solutions and Prevalent help enterprises manage 3rd party risk. We have the industry’s only unified platform that integrates a powerful combination of automated risk-tiered assessments, continuous monitoring, and evidence sharing for collaboration between companies and their vendors. Our actionable intelligence provides the most comprehensive view of vendor risk, creating maximum efficiency for all Third Party Risk Management programs.
About the Author:
Shawn Stefanick is a Cyber Threat Analyst at Prevalent, Inc. and an M.A. candidate in Georgetown University’s Security Studies Program. He conducts research on third-party business and cyber risk.
This article was originally published by Prevalent Inc. and is shared with their kind permission.