If your organization discovers that your data has been compromised because one of your vendors has experienced a breach, you will face a unique set of challenges. All the usual issues involved in a response - conducting a forensic investigation, determining notification obligations, notifying in a way that preserves customer relationships - become much more complicated when the breach has occurred at the vendor.
Taking control at the outset is critical. That's true when you enjoy a strong relationship with the vendor, but even more so if it's a former vendor or if the relationship has become strained. As the data owner, you must learn the details of the breach and be able to identify and notify affected individuals in order to fulfill legal requirements.