You can have the best security controls in the world but, it will not help if, you do not understand the following statement - When an enterprise engages with a third party , they become responsible for that third party’s security controls.

ICBA Bancard Inc. subsidiary TCM Bank, a company that aids community banks in issuing credit cards to their customers, announced that the personal data of thousands of people who applied for credit cards with their local banks was exposed

The information that was leaked between early March and mid-July 2018 included the names, addresses, dates of birth and Social Security numbers of thousands of people across the more than 750 community banks that work with TCM Bank

In this instance, misconfiguration – a critical application-security risk – resulted in the a leak of customer information.

“When partnering with third parties, organizations cannot relieve themselves from the responsibility of security. In the eyes of the affected consumers, they provided the data to the organization and they hold that organization responsible.”




https://www.infosecurity-magazine.com/news/third-party-web-manager-exposes