A hacking group's claim of breaching a file-transfer system used by a third-party vendor for Nissan and Infiniti dealerships in North America has prompted an investigation, revealing that stolen data did indeed originate from this external supplier. Nissan has confirmed that the breach occurred, but asserts that there is no evidence to suggest customer information was compromised1. The incident highlights the risks associated with third-party vendors and the potential consequences of a supply chain attack. The hacking group's actions have raised concerns about the security of sensitive information shared between companies and their external partners. As a result, companies must reevaluate their vendor risk management strategies to prevent similar breaches. The incident serves as a reminder that the security of an organization's data is only as strong as the security of its weakest vendor, making robust vendor assessment and monitoring crucial for protecting sensitive information.