What is a Data Breach?
Data Breach (also called Data Spill or Information Leakage) is a cybersecurity mishap that happens when information, such as private or confidential data, falls into the wrong hands without the owner’s permission. This can happen to a small company or a large organization.
Definition: A data breach is the unauthorized access, copying, transmission, viewing, or use of sensitive information. It may be intentional or accidental and can involve any type of PII, such as financial, personal or health information.
How It Happens: A hacker or threat actor identifies a target and scopes it out for weaknesses. They may do this through a social engineering campaign or network-based attack.
The attacker then begins a systematic, aggressive search to find the data that they want. This could include stealing log-in credentials, using vulnerabilities in the target system, or directly compromising the data they’re after by exfiltrating it for use or sale.
It’s crucial to conduct comprehensive data breach containment operations and not destroy any evidence that might help in the investigation. For example, if the attacker has placed its files in RAM and you power off the computer, this will wipe out any information stored there.
Impacts:
Data breaches can have significant effects on a company’s reputation, profitability, and potential business opportunities. They can also lead to legal disputes and regulatory compliance issues. For example, the General Data Protection Regulation requires organizations to report data breaches within 72 hours.