In the aftermath of the SolarWinds hack, a better understanding of third-party hacks in any update that you provide to your colleagues, bosses, and even the board of directors may be warranted. Third-party supply chain compromises have been happening for years, and most organizations need to have an appropriately staffed and funded sub-team focused on vetting its third parties. If your organization acquires a company that gets breached, you ‘own’ the breach (e.g., Marriott in 2018, when it acquired Starwood Hotels, from which 353 million customer records were stolen).
Source: https://www.helpnetsecurity.com/2021/01/15/third-party-hacks-solarwinds-breach/