
File Sharing Services Breach Shows Need to Shore Up Vendor Contracts

Kroger is the latest US company to report being affected by a breach at a supplier of secure file sharing services.  The vendor explicitly markets its services as a consolidated and secure way to manage certain internal records and communications.  Kroger has listed its HR records as being among those potentially affected.  

Any company dependent on outsourced storage, communications, security, records management, or other common tasks should remember that in case of a breach at the vendor level, the customer company may owe legal notices to employees and business partners as well as to consumers.  Such a breach may be subject to state laws regarding medical or other privacy concerns, state law reporting requirements, and federal or international laws pertaining to medical, financial, or other personal data.  

Ensuring that your vendor agreements explicitly require prompt notice, cooperation, and some sharing or offset of compliance costs can be invaluable in these instances.  

Kroger was among the companies affected by a data breach caused by a weakness in a product offered by Accellion, a third-party company that the retailer used for secure file transfer services, according to a company press release. The breach didn't affect Kroger's IT system, the store systems, debit or credit card information, and no customer data was misused, the retailer said, but it did impact certain HR data, money service records, and pharmacy records.

Tags

data security and privacy, hill_mitzi, insights