Data Breach Definition
A data breach is a security violation in which sensitive, protected, or confidential data is accessed by unauthorized individuals. Data breaches may occur as a result of an accidental, human error from within an organization; via insider threats, such as negligent users, criminal or malicious insiders, or inside attackers that have stolen user credentials; or via an external cyberattack wherein hackers view, copy, transmit, steal, and/or use data to which they have no rights.
Data Breach FAQs
What is a Data Breach?
A data breach, a type of cyber crime also known as a data leak or data spill, involves a compromise of security that leads to the intentional or accidental unauthorized access to and unlawful alteration, loss, theft, dissemination, and/or destruction of what should be private data.
Data breaches are sometimes triggered by cyberattacks carried out by bad actors whose objective is to illegally obtain account login credentials, credit card numbers, contact information, email and home addresses, and more, in order to steal individuals’ identities and make unlawful purchases. Some data leaks are carried out by a person or persons who wish to expose what they perceive to be unethical incidents within a company or government, or whose objective is to intentionally compromise national security.
Perpetrators of a data security breach may include individual, independent hackers; organized crime units; political activists; and even national governments. The culprit may also simply be poorly configured system security or negligent disposal of used computer hardware. According to data breach statistics compiled by IBM, the average cost of a data breach increased 2.6% from USD 4.24 million in 2021 to USD 4.35 million in 2022 – up 12.7% from USD 3.86 million in the 2020 report.
How Do Data Breaches Occur?
What are the types of data breaches, and how do they happen? A variety of cyberattacks lead to breaches in security. These are the main types of data security breaches and their causes:
Loss or Theft
Loss or theft of a device, such as a laptop, mobile phone, or external hard drive, is a common security incident and the perfect opportunity for a cybercriminal to steal data that is highly sensitive. If a device is unlocked or unencrypted, it is fully vulnerable to unauthorized access, but even locked or encrypted devices are susceptible to more sophisticated criminals. Physical theft or loss can also involve paper documents with sensitive data printed on them.
Data breaches can also be caused internally by employees, either accidentally or intentionally. For instance, an employee may accidentally access sensitive information without proper authorization. Even if no data was actually lost, it is still considered a data breach because the employee accessed data they were not authorized to see. Alternatively, an employee may knowingly leak confidential information to a third party with malicious intent.
- Phishing: A phishing attack involves the use of social engineering to manipulate or trick people into giving away sensitive information. Cybercriminals will send fake yet genuine-looking emails with aggressive and threatening messaging that is used to scare the reader into clicking a provided link. The given link directs the reader to a malicious login page that will supposedly help fix the issue, but is really designed to capture and steal their username and password.
- Malware: A malware attack occurs when an individual is tricked into opening a malicious attachment, link, or website, which then infects the user’s device or network, gains access to and steals personal data or any valuable data, and then transmits this data back to the command and control (C&C) servers run by the cybercriminals.
- Denial-of-Service: The function of a DoS attack is to shut a machine or system down. This is accomplished by overloading an organization’s network or website with a surge of illegitimate traffic, or by sending input that exploits bugs in the target, which ultimately causes the system or device to crash or become highly destabilized. Either way, legitimate users are denied access to services.
- Exploit: Cybercriminals are consistently searching for software bugs or vulnerabilities to take advantage of to unlawfully gain access to a system and its data. Inevitably, software will have some bugs and vulnerabilities, and it’s a constant battle to see who will find them first – cybercriminals, who will exploit them, or cybersecurity teams, who will report to the manufacturers. Some criminals have even developed exploit kits to make these cyberattacks easier.
What are the Consequences of a Data Breach?
The consequences of a data breach can be disastrous. The actual cost of a data breach depends on what kind of information has been compromised:
- Individuals: Identity theft occurs when Personally Identifiable Information (PII) is stolen. This can be devastating for an individual. Everything from banking details to Social Security numbers can be stolen and used to completely take control of a person’s financial information. Cybercriminals can open new utility accounts or lines of credit under the victim’s name, withdraw money from bank accounts, steal tax refunds or airline rewards, steal health insurance or government benefits, and even sell passports on the dark web. The results of these activities can include ruined credit scores and major legal trouble, the resolution of which is extremely difficult and time-consuming.
- Businesses: Data breaches involving business data can have severe consequences for not only a business’s finances, but also their reputation. If customers’ data is stolen in a business’s data breach, this has a highly negative impact on customers’ trust in the company. Data breaches at businesses have resulted in leaked banking and credit card numbers, Social Security numbers, sensitive photos and videos, and more, leading to major lawsuits and overall contempt from the public. Some businesses may proactively choose to invest in data breach insurance to help them cope financially in the event of a security incident.
- Governments: A government data breach can mean a major threat to national security and the safety of its citizens. Compromised government data, such as wartime operational plans, voter database information, and government employee personal information, can end up in the hands of domestic criminals and foreign factions with malicious intent.
Data Breach Examples
There have been several major data breaches in the 21st century. Some of the most infamous recent data breaches include:
- 2010: Former U.S. Army soldier Chelsea Manning leaked large volumes of confidential military data to the public.
- 2011: A data breach in Citibank’s credit card operations resulted in the compromise of approximately one percent of their customers’ accounts.
- 2012: Cybercriminals used information manipulated out of Amazon’s tech support via social engineering to use Apple’s password recovery system, and subsequently hack into and wipe out the personal devices as well as Gmail and Twitter accounts for Mat Honan, current editor-in-chief at MIT Technology Review.
- 2013: Edward Snowden, former computer intelligence consultant at the U.S. National Security Agency (NSA), leaked classified data that revealed widespread spying by NSA and similar agencies in other countries.
- 2014: An exploit attack that targeted usernames and passwords and security questions on Apple iCloud resulted in a data breach that leaked nearly 200 celebrity photos.
- 2015: Ashley Madison, an adult online dating service that specifically targets individuals seeking to arrange extramarital affairs, had all of its customer data stolen by hackers who threatened to expose its users if the website was not shut down.
- 2016: A 15-year-old British hacker accessed and leaked the personal data of over twenty thousand employees at the U.S. Federal Bureau of Investigation via social engineering. A judge deemed this attack to be “politically motivated cyber terrorism,” and the attacker received a two-year prison sentence. This same year, Yahoo! was responsible for one of the biggest data breaches of all time – three billion user accounts were compromised between 2013 and 2016.
- 2017: The “Paradise Papers” – major data breaches involving the leak of 13.4 million confidential electronic documents relating to the offshore activities of national leaders, wealthy individuals, and companies. This security incident highlighted the different strategies and artificial structures that companies and individuals use to avoid paying taxes.
In the same year, Equifax was responsible for the compromise of the private records of approximately 147.9 million Americans, 15.2 million British citizens, and 19 thousand Canadian citizens – one of the largest data breaches to date. The Equifax data breach settlement with the FTC included up to $425 million to help anyone affected by Equifax’s security incident.
- 2018: Former Cambridge Analytica employee Christopher Wylie disclosed information regarding the Facebook–Cambridge Analytica data scandal, which involved the collection of Facebook users’ personal information by British consulting firm Cambridge Analytica, largely for the purpose of political advertising, without user consent. The result was the FTC levying a $5 billion civil penalty against Facebook.
- 2019: Approximately 139 million users of graphic design service Canva had their personal information compromised.
- 2020: Multiple US federal government entities as well as private organizations were subjected to one of the worst cyber-espionage incidents ever suffered by the U.S. The cybercriminals exploited software or credentials from at least three U.S. firms – Microsoft, SolarWinds, and VMware. Some of the affected organizations include NATO, the government of the United Kingdom, the European Parliament, and Microsoft.
- 2021: A recent data breach was revealed when security researcher Alon Gal discovered a leaked database belonging to Facebook containing 533 million accounts, including the personal information of Facebook users from 106 countries.
- 2022: One of the latest data breaches occurred when an undisclosed number of DoorDash customers had their names, email addresses, delivery addresses, phone numbers, and partial payment card numbers stolen by the same cybercriminals who carried out an SMS phishing attack on Twilio employees the same year.
How to Prevent Data Breaches
How can data breaches be prevented? Data breach prevention requires a continuous, consistent dedication to security to keep your information secure. For businesses and governments, it involves education and participation from every tier of the organization. Dealing with the fallout from a data breach is significantly more difficult and costly than proactively laying the foundation of a secure digital environment. To avoid attacks and data leakage, follow these data breach prevention best practices:
- Ensure IT administrators patch and update software as soon as it is available.
- Apply high-grade encryption to sensitive data.
- Replace devices as soon as the manufacturer stops supporting the software.
- In ‘Bring Your Own Device’ workspaces, implement a security and data breach policy, such as the use of business-grade VPN service and antivirus protection for any such devices.
- Enforce strict credentials and multi-factor authentication, and encourage users to utilize a password manager.
- Ensure that every member of the organization is frequently trained in best security practices and how to recognize socially engineered attacks.
- Shred all paper documents, even if you think they may not be important.
- Ensure you’re using a secure website by checking the website URL to make sure it begins with “https” – the ‘s’ stands for ‘secure.’ This indicates the site is using an SSL/TLS certificate. Alternatively, look near your browser’s location field for a lock icon – this indicates that the connection between your web browser and the website server is encrypted.
- Only provide your Social Security number in instances where it is absolutely crucial.
- Maintain strong, secure passwords by including a variation of uppercase and lowercase letters, non-sequential numbers, and special characters.
- Do not use the same password for all of your accounts. This way, if one of your passwords has been exposed, it won’t compromise all of your accounts.
- Update the operating systems and applications on your devices to the latest version as soon as it is available.
- Frequently monitor your financial statements and credit reports so that you can catch and address any unfamiliar or irregular activities early.
Who is Responsible for Data Breach Response?
Who answers for a data breach? If someone is the victim of a crime, it’s not helpful to victim-blame. However, in the case of a data breach at a company, the breach is often linked to oversight or misjudgement by a person or persons. Identifying the root cause of a breach and the person(s) responsible is a critical step in outlining who did what and how to avoid it in the future. There are three main teams of people who are responsible for a data security breach and should be the first points of contact: Business Managers & CEOs; Chief Information Security Officers; and Data Security Operations Personnel.
- Business Managers & CEOs: Often, the CEO takes the fall after a data security breach. CEOs are responsible for choosing corporate data security partners and have the final say on data breach security policies. CEOs and managers are also in charge of budgeting enough for IT security solutions, so if a data breach occurs, it could be argued that leaders invested insufficient funds into security solutions needed to protect the organization’s data.
- Chief Information Security Officers (CISO): If the organization is fully equipped with all of the funding, tools, and technologies sufficient to establish strong data security, and a data breach still occurs, the next team down the line of command that is held responsible is typically the CISOs. CISOs are responsible for data breach detection and response, systems maintenance and monitoring, and keeping security technology up to date.
- Data Security Operations Personnel: The vast majority of cyber security incidents occur as a result of human error, and those humans are often the ones responsible for managing day-to-day IT security operations. If a breach occurs as a result of poor daily maintenance, it is likely due to unqualified, insufficiently trained Data Security Operations Personnel.
What Should a Company Do After a Data Breach?
Once a breach has occurred, you need to move quickly. A clear, concise, fully developed data breach response plan should be available to put into action immediately. While every situation is different, the United States Federal Trade Commission (FTC) outlined a general rundown of standard procedures that should be part of your data breach response policy. They include:
Secure Your Operations
- Move quickly to secure your system and bolster data loss prevention measures. Identify and address vulnerabilities that may lead to additional breaches. This process may also involve securing physical locations that may have been compromised.
- If a dedicated data breach response team exists at your organization, mobilize them immediately.
- Hire independent forensic investigators to conduct a comprehensive investigation and compose a data breach report, while simultaneously consulting legal counsel with privacy and data security expertise.
- Promptly take any affected equipment offline to avoid any further data loss. Change all credentials and install new, clean machines if possible.
- If applicable, search for and remove any of your organization’s sensitive data that was taken and posted online. Owners of websites and search engine support teams may be contacted to aid in taking down sensitive data.
- Interview the person(s) who discovered the breach and anyone who is directly or indirectly linked to the breach. Encourage other members of the organization to share any information they have that might be related to the breach.
- Do not destroy any evidence.
- Service Providers: If applicable, identify what sensitive information your service providers have access to and determine if their access privileges should be updated.
- Network Segmentation: Consult a forensics expert to determine if the organization’s network segmentation plan was effective in keeping the breach contained.
- Forensic Experts: Forensic experts will be able to help determine who had access to the data at the time of the breach and whether or not encryption has been enabled; analyze who currently has access, determine whether that access is needed, and restrict access if it is not; and verify the type of information compromised and the number of individuals affected.
- Communications Plan: Develop different plans for communicating with employees, customers, investors, business partners, and other stakeholders, with messaging that is honest, thorough, transparent, and an accurate representation of the situation.
- Anticipate Questions: Have answers ready for questions before they’re asked. Publish these clear and plain answers on a Q&A page on your website that is easy to find.
Notify Appropriate Parties
- Inform any and all affected businesses and individuals, as well as law enforcement. Additional legal requirements depend on different legislation enacted in different states. Check what the data breach reporting requirements are for your state.
- Inform your local police department of the breach immediately, or another department familiar with information compromises, such as local FBI offices or U.S. Secret Service. Contact the U.S. Postal Inspection Service in instances of mail theft.
- Contact the major credit bureaus – Equifax, Experian, TransUnion – if Social Security numbers were compromised.
- If the compromised data involves digital health records, who you contact depends on whether you’re covered by the Health Breach Notification Rule or the HIPAA Breach Notification Rule. Refer to these to determine who you are required to contact.
- In data breach notification for individuals, who you notify about data breaches and how depends on state laws, the nature of the compromise, the type of information taken, the likelihood of misuse, and the potential damage if the information is misused. When notifying individuals, consult with law enforcement to ensure you are not interfering with the investigation; appoint an official point of contact for releasing information; and develop a public relations campaign to reach affected individuals for whom you do not have contact information – otherwise, use letters, websites, and/or toll-free numbers to contact known persons.
In your message to individuals, clearly communicate: how the breach occurred, which information was stolen, the manner in which the criminals used the stolen data, the actions you have taken to fix the situation and protect affected individuals, and the best way to reach relevant contacts in your organization. Also provide: steps to take after private information has been compromised, how to recover from identity theft, the contact for the law enforcement agency investigating the breach, a recommendation to use IdentityTheft.gov to report misuse of their information to the FTC, and how you will contact consumers in the future.
In order to make sure your organization isn’t missing any breach response steps, draft up a data breach investigation and mitigation checklist and keep track of your activities.
What are Data Breach Prevention Tools?
Implementing a data breach incident response plan is easier with the right tools in your toolkit. Data breach services and prevention tools include the software and technologies developed to enable users to view, control, and protect every piece of data in your databases and data lakes – all without impacting performance and agility. Features of a highly advanced data leak prevention tool include: protection of customer data in production databases from unauthorized users and compromised applications, simplified access to data lakes while keeping data secure, unified access policies and simplified collaboration while providing data users with timely access, easy discovery and classification of personal data in databases and data lakes, and enforcement of granular access controls for data masking and filtering.
Does Cyral Offer a Data Breach Prevention Solution?
Companies today are embracing cloud-based data services to make data more accessible than ever. This accessibility, however, creates some blindspots regarding who’s accessing data, which data they’re accessing, and what they’re doing with it. And since there’s no common standard for exchanging authentication and authorization information with different data services, there is a proliferation of shared accounts amongst data engineering teams, which results in diminished visibility for security and devops teams, an increased attack surface, and a major risk of security incidents and cloud data breaches. Cyral’s solution to this challenge is its agentless and stateless interception technology that provides an end-to-end picture of who is accessing what data and what they did.
Cyral’s new approach delivers visibility, access management and protection for the data cloud; enables Identity Federation to handle shared accounts; enables users to access their various data repositories using their existing identity providers; and generates logs, metrics, and traces enriched with identity and context for better visibility. Cyral integrates with most identity providers and management tools, and users are able to log into various data services using their SSO credentials. Cyral helps customers embrace data democratization while also keeping their data secure, providing a unified view of their data and its access, and preventing a potentially disastrous data breach.