The root cause could easily be a software issue, a breach in an underlying system (like a database), or some sort of hack - malware, causing clients to exfiltrate data, or perhaps an intruder doing the same.
This is why the large and regulated enterprise block many third-party services. Simply put, it's hard to know how good their internal security is - or how good the security of the provider they purchase it from is - or how carefully they screen their employees, how thoroughly they retire old hardware, or how much insurance they really have.
And it takes a lot of time, knowledge and effort to verify anything. The average security review costs more than $10,000 and many cost an order of magnitude or more. Why not just ask a simple question:
Where do you store my company's data, and how do maintain our control over it?
We just sent you an email. Please click the link in the email to confirm your subscription!