A wine merchant, a security firm, a private dining club, a personal chef: each holds a customer list. Each is breached, at some point, in the ordinary course of small-business cyber incidents. The principal's name appears in a leaked record alongside the supplier's other clients, sometimes with details (delivery address, taste preferences, frequency of order) that imply quite a lot about the principal's private life.
The leak rarely makes headlines. It circulates in narrower circles: forums, journalists, the secondary market for personal data. The exposure compounds across multiple suppliers, because the principal's network of household and lifestyle services typically involves a small number of similar leak-prone firms.
The defence is partly about which suppliers are used (the most discreet of the category, vetted for their own security posture, willing to limit the data they retain) and partly about how the relationships are structured (use of corporate cards rather than personal, delivery to managed addresses rather than the home, deliberate compartmentalisation between household and personal accounts).
What is on the record can be read. Whether to address it depends on the circumstances.
More from the desk
The real estate search portal
The leaked flight manifest
The data broker who already has the spouse
The private school and the family record
The published charitable grant
The personal protection detail and the published detail