We continue to see clients hit with notifications from vendors about security incidents caused by either the vendor or the vendor’s downstream supply chain. Often, the client didn’t even know that its vendor was outsourcing part or all of the work to another vendor. When a security incident occurs down the line, the entity that