It’s getting to be a habit–a third-party vendor, responsible for its customer’s data, leaves it unprotected in the cloud. This time, a global communications company that partners with service providers left about four million of Time Warner Cable’s (TWC) customer records on an Amazon server, without a password.

In addition to exposing usernames, email addresses, device serial numbers and some financial transaction information, the vendor also left internal company records at risk of being swiped.

Moral of the story: If you’re working with a third-party vendor and storing sensitive data in the cloud, you need to conduct extra scrutiny to ensure security policies on premises follow the data, wherever it resides.

Read the full story here.