![\"Weekly](\"https:\/\/i0.wp.com\/www.troyhunt.com\/content\/images\/2025\/08\/Splash-Template.jpg?ssl=1\")
<\/p>\nI’m fascinated by the unwillingness of organisations to name the “third party” to which they’ve attributed a breach. The initial reporting on the Allianz Life incident from last month<\/a> makes no mention whatsoever of Salesforce, nor does any other statement I can find from them. And that’s very often the way with many other incidents too, which, IMHO, sucks. My view is that when our data is provided to a third party and that party exposes it, we have a very reasonable expectation to know who lost it. My own personal info was exposed in the Ticketek breach last year<\/a>; can you find any mention whatsoever in that disclosure notice of Snowflake DB? Nope, but that’s the “reputable, global third party supplier” they refer to. Another fun fact: the other third party they don’t name is HIBP: “We are aware some customers\u00a0have recently been contacted by a third party regarding the impact to their information”. \ud83e\udd37\u200d\u2642\ufe0f<\/p>\n <\/p>\n
![\"Weekly](\"https:\/\/www.troyhunt.com\/content\/images\/2018\/05\/Listen-on-Apple-Podcasts.svg\")
<\/a><\/div>\n![\"Weekly](\"https:\/\/www.troyhunt.com\/content\/images\/2024\/09\/Watch-and-Listen-on-YouTube.svg\")
<\/a><\/div>\n![\"Weekly](\"https:\/\/www.troyhunt.com\/content\/images\/2019\/10\/spotify.svg\")
<\/a><\/div>\n![\"Weekly](\"https:\/\/www.troyhunt.com\/content\/images\/2018\/07\/Download-via-RSS.svg\")
<\/a><\/div>\n