“Dun & Bradstreet maintains that neither they or NetProspex suffered a breach or caused the leak,” said Stephen Boyer, co-founder and CTO of BitSight. “If true and the leak stemmed from one of their customers, which represents a new dimension of third-party risk. While customers don't have ongoing relationships in the way that vendors and suppliers do, they still can pose risk when licensing and buying data in bulk.”