The Black Shadow hacking group’s attack on Cyberserve, reported a few days ago, has resulted (at this point in time) in the leaking of a database with more than 800,000 records pertaining to various individuals and the exposure of additional databases. This attack raises important questions about the relations between database owners and the third parties with whom they engage to receive various services relating to business activities that incidentally involve their data.