According to a Notice of Data Breach on Vermont’s government website, Image-I-Nation Technologies provides software and related computer hosting services to consumer reporting agencies. Examples of these reporting agencies are Experian, Equifax, and TransUnion. Upon further investigation the company’s IT team did not find any wrongdoing and concluded that no personal information was stolen. They also vowed to complete a thorough investigation to minimize the risk of a data breach happening in the future.

Some people may wonder, ‘why would the hackers go after Image-I-Nation as opposed to the three major credit agencies themselves?’ like we saw when Equifax got breached in 2017. Co-founder and CEO of Panorays, Matan Or-El knows why. “[The breach] is a perfect example of how cybercriminals are infiltrating the supply chain to steal data from large organizations,” he told SC Magazine. Third parties have always been the weakest link in the supply chain and are privy to these attacks. Once they’re compromised, companies employing these third-party vendors are also at risk. Senior technical evangelist at Synopsis Tim Mackey explained, “This breach disclosure highlights just how little control individuals have over the security and location of their personal data – let alone the purpose the data might be used for.”

What makes this attack all the more disturbing is the amount of people that will be ignorant that their information was at risk to begin with. “Regardless of media coverage, it is highly unlikely that most people will pay attention to a data breach at Image-I-Nation Technologies, considering they likely never directly did business with the company,” observed Mackey.

Companies can take away valuable lessons regarding this breach. Businesses must do a better job at inspecting third party vendors. CEO of The Media Trust, Chris Olson warned, “Since organizations are held at least partly responsible for their vendors’ actions, they should carefully vet the latter’s security and privacy measures and conduct periodic audits to close any security and privacy loopholes.” Data breaches can happen to any organization anywhere, so it’s important that there’s a plan in place to ensure your data is impenetrable. Always secure your data and inspect the third party vendors that make up your supply chain. Sometimes a good deal isn’t always better. While you may pay less to use a third party vendor you may pay out more in civil settlements if your data does in fact get breached. Or-El ends with a warning urging companies everywhere to “…perform comprehensive risk assessments of all their supply chain partners, along with continuous monitoring to spot vulnerabilities.”

If you think your data was breached by Image-I-Nation Technologies review the “Information About Identity Theft Prevention” reference guide which identifies additional precautions you can take to protect yourself in the future.