isn’t that still, by defnition, a breach of the company’s data?
In a sense, kind of. But it doesn’t demonstrate penetration of infrastructure built and maintained by Google. So there’s perhaps a judgment issue, but not a demonstration of their own security capabilities being compromised.
If a company uses an insecure vendor that gets breached, isn’t that still, by defnition, a breach of the company’s data?
If you outsource your security to a less-than-reputable company, don’t be surprised when you get less-than-reputable security.
In a sense, kind of. But it doesn’t demonstrate penetration of infrastructure built and maintained by Google. So there’s perhaps a judgment issue, but not a demonstration of their own security capabilities being compromised.
Yes. It may deflect some of the legal responsibility, but it’s still more of a “how they got breached” than “they didn’t get breached.”