There are lots of types of a “breach”. The first and second (the major ones) were likely related so more like one continuous incident. This one was a vendor breach that had access to their data so not a reflection of their security program as much as the first.
I’m not saying you’re wrong, I’m saying you can’t tell from this incident.
I’m not saying you’re wrong, I’m saying you can’t tell from this incident.