eSecurity Planet, September 6, 2017
In a pair of major data breaches disclosed over the past few days, thousands of U.S. veterans' personal information and more than 4 million Time Warner Cable customers' data were found on unsecured and publicly accessible cloud servers.
In both cases, the organization responsible for the data (Time Warner Cable, and private security firm TigerSwan) had used subcontractors who inadvertently exposed private information on unsecured Amazon servers.
Willy Leichter, vice president of marketing at Virsec Systems, told eSecurity Planet by email that TigerSwan's response reflects a disturbingly common pattern of blaming breaches on subcontractors. "Regardless of who actually made mistakes, the data controller -- the organization entrusted to properly use and protect the data -- is always responsible," he said.
"TigerSwan's lengthy statement essentially says, 'We apologize, but it wasn't our fault,'" Leichter added. "While the subcontractor may certainly share some blame, TigerSwan is still legally responsible for protecting data entrusted to them."
