Data Breach – What it is and How it Happens
Data Breach: What it is and How It Happens
A data breach occurs when sensitive or confidential information – including personal details like credit card numbers, passport number and ID numbers – is stolen, copied, transmitted, viewed, used or accessed without authorization. This can be intentional, or it can be accidental.
Accidental breaches are a result of human error or flaws in a company’s infrastructure. They can occur when an employee uses a co-worker’s computer to view files or when someone leaves their laptop unattended in a hotel lobby.
Malicious breaches are a result of an outsider using malware, phishing, or other methods to access confidential information. They may use this information to steal money, commit identity theft or spy on the victim.
Often, these types of breaches can be traced to a single attacker, but sometimes the cause is several different events happening simultaneously that lead to the loss of data. Some examples include:
Botnets: Hackers create a botnet of compromised computers to gain access to networks and data in order to steal or sell it on the dark web.
Data on the Move: The data that is stolen from a breach could be transferred in the clear over HTTP or other nonsecure protocols, which can be exploited by criminals to access and share it.
Insider and privilege misuse: Employees that are granted access to confidential data sometimes abuse their privileges and share it with people they know to be malicious or corrupt.