Can you trust your third-party vendors?

When British recruitment agency Morgan Hunt suffered a digital burglary recently, intruders seized personal data of some of the freelancers on its books.

Morgan Hunt – which provides personnel services to clients in the charity, education, finance, government, housing and technology sectors – confirmed the break-in in a letter to contractors.

Comments Chris Vaughan, area VP and technical account manager EMEA at Tanium: “Companies often place a huge amount of trust in third-party vendors – usually down to reputation, if they haven’t been breached before, or if they claim to invest heavily in cybersecurity. However, IT teams need to be more thorough than this. They should ask themselves questions, such as: ‘Do I really know how well our suppliers manage their operations, including areas like credential management and patching? How can we tell how much technical debt they are carrying? Is the vendor that was breached three years ago – and then invested a massive amount improving their security – less of a risk than a vendor that’s never had a publicly disclosed breach?’

“Only once these questions have been answered – using data – can organisations place full trust in the third-party suppliers they work with.”