Data Breaches, Due Diligence & Third Parties – The Nightmare is Real

There have been several high profile reports of data breaches recently, including Ticketmaster, Thomas Cook and Harvey Norman. Harvey Norman attributed their reported breach to a third party and issued the following statement detailing the provider –

“We wish to alert you to a data breach that has occurred in the systems of a third-party website service provider, Typeform, which has resulted in the unauthorized access to some Harvey Norman data”.

While Harvey Norman did comply with the data breach reporting requirement of the GDPR by meeting its 72-hour deadline, there are still lessons to be learned from the incident.

chris hanlon