What do the exposure of 106 million records from Capital One, 11.9 million records from Quest Diagnostics, and 7.7 million records from LabCorp have in common apart from the fact they all happened this year? In each case the breach was caused by a third party. With the Capital One breach a hacker was able to exploit a configuration vulnerability in the servers of one of its cloud partners. The other two breaches were traced to the same third party – the American Medical Collection Agency’s (AMCA) system.
