“Dun & Bradstreet maintains that neither they or NetProspex suffered a breach or caused the leak. If true and the leak stemmed from one of their customers, which represents a new dimension of third party risk. While customers don't have ongoing relationships in the way that vendors and suppliers do, they still can pose risk when licensing and buying data in bulk," says Stephen Boyer, co-founder and CTO of BitSight.