So this is something I think we're going to keep seeing more and more of in the future, and that's government fines over data breaches. Now, this one has a little bit of a twist to it, because, you know, right away people facepalm and go, "Yeah, the company had bad security, they didn't do this right." Well, kind of, but I want to be very clear on how this happened, as much as we know about it.

So the US energy firm was fined $2.7 million. Now, they took the name out and they omitted it, but that's not really the relevant part of this article to me anyways. What's really relevant is how the hack occurred, or not really a hack, it's just a data breach that didn't turn into a hack that we know of, but the records of people's personal data were exposed. That's the key in this that caused the fine. So the fine occurred, and the incident, which has been assigned a risk rating of serious, involved a third-party contractor improperly copying data from the energy firm's own network. Despite receiving training, the contractor failed to comply with the company's information protection program, and I want to read a little bit more into that.

So here is the actual public notice from NERC, the North American Electric Reliability Corporation, who fined the power company whose name is undisclosed, and here it is, deep in there. I'll leave links to this. URE received a report of an online data exposure with the possibility associated with URE. The report came from a white hat security researcher not associated with URE. URE is the name they gave the company to keep them anonymous. A third-party URE contractor exceeded authorized access by improperly copying certain URE data from URE's network environment to the contractor's network environment, where it was no longer subject to URE's visibility or controls.
The contractor failed to comply with URE's information protection program, on which it was trained. While the data was on the contractor's network, a subset of live URE data was accessible online without the need to enter a user ID or password. And it goes into what was included in the data, but what I want to be very clear on, this is the twist, so to speak, of why this matters a lot. This is a regulatory organization that realizes that it was not that company's fault, it was the contractor's fault, but please note who paid the fine. The fine was paid by the power company.

Now, this is something we're going to see a lot of, so you really have to think about the contractors that you bring into your company. I know some places, like locally here, the hospitals have moved to zero contractors; they only use internal staff. And I think we're going to see some trends like this, where companies, maybe as the fines roll out, get more careful about who they hire, because they can't just say, "Well, the contractor did it." Because the Energy Commission here, the public company that fined them, absolutely noted that it was caused by a contractor. Please note who's not being fined: the contractor. I'm sure there's other legal ramifications going on there, but if they just hired some inexpensive database guy who copied it to his home server, whatever, we don't know the details of what happened. I don't know that that's what happened, but I want to think about that: if that type of incident occurs, you as the business owner are responsible ultimately. I think this is something that's being made very clear over and over again, and we're going to see a lot more incidents like this. So you are responsible for the contractors you choose. If those contractors screw up and accidentally do something bad with your data, even though you told them, "Hey, don't take this out of our network," and they take it out of the network, you're responsible. This drives me nuts, because I see so many companies look for the lowest, cheapest thing they can use
for software. I see a lot of IT companies that don't really think a lot about that; they just, like, always use this tool or that tool "because I get a better deal on it." But ultimately, you as the business owner, you really have to think about that. That is a big issue, and we're seeing this or spend some hospitals have had incidents as well, and the same thing: the hospital pays the fine even though the contractor did it. Like I said, you can go after them, but if you hired some inexpensive database guy, do they have the, you know, wherewithal to know how to handle things properly? Will you be able to extract any money out of them? Are they a big enough firm that you could then take the 2.7 million that you're fined and levy legal action against them, going, "Hey, you're the one that screwed up," and they go, "Great, take my 1996 Toyota that I drove here"? You know, can they even cover it? I don't know.

But that's just something, the big picture that I want people to really take home and think about: the contractors you hire, you're ultimately responsible for. This has always been clear in other markets. You know, if you're a home builder and you hire a really bad plumber, the homeowner doesn't chase the plumber, they chase you, if you were the general contractor for doing it. That's why general contractors vet and care a lot about their reputation, because they hire the right people. That's, you know, granted, there's always incidents, but that's how the other businesses work. This is the same way, but it's also a different scale, because people look at technology differently. Um, they go, "I just need this little thing fixed, can I just hire this guy I found on something, you know, some place to contract work?" You're giving him access to all your critical data. And this worries me too, because some IT companies outsource to a third-party help desk, and that means you're letting a third-party help desk remote into your computer. What if that guy says, "You know what, I can make my money, I can take all the stuff on
your computer and copy it"? That scares me a lot. When people say, "Why aren't you using an overseas help desk?" I'm like, because we keep it all internal, so I have some, you know, control over these things.

So anyways, that's just some food for thought and my thoughts on this topic, but I want people to think a little bit deeper about it, and make sure you hire contractors who can follow processes and you don't have to worry about, and they're not just, you know, screwing up and not following all this and getting you fined 2.7 million. Thanks.