When your vendor gets breached, you might be dragged into the mess by media even if your data was not compromised. Consider the recent case of [24]7.ai data breach.
On April 4, 2018, online chat application vendor [24]7.ai publicly reported that they had “an incident potentially affecting the online customer payment information of a small number of our client companies…” Shortly afterwards, well-known corporations Delta, Sears, Kmart and Best Buy released statements acknowledging that their customer data was impacted by this breach.