Working in Hollywood sounds glamorous, but it turns out filmmakers and television producers out in La La Land face some of the same problems as banks and credit unions—especially when it comes to third-party vendors and IT security.
In what’s being called the largest hack of Hollywood since the Sony leak in 2014 (the one where much of the studio’s dirty laundry got aired, including executive emails badmouthing actress Angelina Jolie), a hacker has pirated the fifth season of hit Netflix show “Orange is the New Black,” Variety reports. The hacker leaked the show online more than a month before it was scheduled to hit the Netflix platform after the company refused to pay ransom.
This is very bad news for Netflix. OITNB is the subscription-dependent company’s most-watched original program, according to Variety, and now it’s free online.
If only Netflix had better vendor oversight, this problem might have been avoided.
That’s because the leak is believed to have stemmed from Larson Studios, the company that handles post-production audio for the “dramedy,” Variety says. Apparently, hackers found a way to breach its IT security and steal all 10 episodes of OITNB’s newest season.
Security experts aren’t surprised, Variety reports, with many saying that vendor security has been a “weak link for Hollywood” for years.
Circumstances seem to support that argument. Netflix wasn’t the only one to outsource to Larson. Shows including FX’s “Fargo,” ABC’s “Designated Survivor” and CBS’s “NCIS: Los Angeles” also use Larson Studios, Variety reports. They may even be among the other shows the hacker claims to have stolen. He’s encouraging those networks to pay up or face the same fate as OITNB.
The same thing can and does happen to banks and credit unions. Instead of stealing the stories of the fictional inmates of Litchfield Penitentiary, attackers come after confidential customer data, creating huge regulatory, legal and reputation headaches.
While your institution may do everything by the book to protect data in its buildings and on its servers, you need to be certain that your third-party vendors are doing the same. Make sure you are conducting thorough, ongoing due diligence of vendors. It’s not just a regulatory requirement. Data security is the new black, and will be for a long time to come.