BotNet News

Your source for Online Security News

Data Breach

The compromise of secure customer data, internal business information such as inventory lists, and bank transactions is a nightmare scenario that no company wants to experience. But, despite best efforts, data breaches do happen. And the resulting damages can be severe.

A data breach occurs when sensitive or confidential information is copied, transmitted, viewed, altered or stolen by an individual unauthorized to do so. Also known as an information leak, data dump or privacy incident, a breach may be intentional or unintentional.

In an intentional breach, cybercriminals hack into a company’s system to steal or expose personal information. They use social engineering tactics such as a phishing email that appears to be from an employee and asks for personal information, or an attachment that contains malware.

An accidental insider breach can also occur when an employee inadvertently sends a confidential email to the wrong person. An example of this occurred when Scotland’s national telehealth company, 24 NHS, discovered that one of its employees had sent emails containing patient medical records to the wrong people.

An external data breach is the most dangerous because it can impact more than just a single company. For instance, in 2013, Yahoo was hacked and had to disclose that cybercriminals stole data on more than three billion user accounts—more than one-third of the world’s population. The data included the names, dates of birth, addresses and passwords, which were stored in plain text and protected only by a weak SHA1 encryption. The hackers then used those passwords to break into other accounts on sites that had previously been compromised, a process called “credential stuffing.”