Consequences of a Data Breach
A data breach is the unauthorised release of sensitive information. It may be an accidental disclosure or an intentional act of sabotage.
The data can range from PII (personally identifiable information) to credit card details, or even national security information. The consequences of a data breach can be devastating.
How a Data Breach Happens
There are many ways that data can be stolen, including through social engineering, network attacks, and exfiltration. Most breaches begin with a phishing attack, where a cybercriminal sends emails that appear to be from a legitimate company. The victim is then tricked into giving away their login credentials or downloading malware attachments.
Humans Account for Most Data Breach Risk
While it is often thought that hackers are behind all data breaches, human error actually accounts for the vast majority of security incidents. It is a serious problem for organizations, and they must take steps to minimize it.
Changing passwords, informing your bank, and eliminating any personal information that is discovered help mitigate damage from a data breach. In addition, monitoring your bank statements and credit reports can help prevent identity theft.
Notifying Individuals About a Data Breach
Under the GDPR, you must notify affected individuals if a data breach is likely to result in a high risk to their rights and freedoms. However, you must make an assessment on a case-by-case basis and consider all the relevant factors.
In some cases, you may be able to demonstrate that a personal data breach is unlikely to cause a high risk to the rights and freedoms of those affected. If you can show that this is the case, then you will not need to notify them.