Welcome to ThatThirdPartyGuy.com – my website highlighting my journey in third party cyber-security.

Do You Have An Effective Incident Response Process?


7 June, 2023

It’s easy to get notification fatigue in this line of work. Another day, another breach report, right? In most circumstances, a breach is reported and the company includes what it is doing to contain and remediate the issue. Not in this case. Scrubs & Beyond has a serious leak of very sensitive data. And as of the last public report, data was still being added to the exposed database. You can read more about it here.

How does that relate to the incident response process at your company?  The researcher who found the plaintext and unsecured database in the open tried to report it to the company several times.  I checked out their website and was looking for a way to contact them.  They have one.  It’s not really geared for cybersecurity but presumably somebody looks at it and could route it appropriately.  Maybe it did and maybe it didn’t?  

What also caught my attention was that their parent company shows no security-focused people on their company team page, giving the impression they don’t think it’s as important as some of the other roles. I hope that changes.