What is a Data Breach?
A data breach is a security incident in which sensitive, protected or confidential information is copied, transmitted, viewed, stolen, or altered by an individual unauthorized to do so. It can also be called a data leak, a data spill or an information leak. Attackers can gain access to data through phishing, malware, ransomware or skimming. Data breaches can also be caused by employee negligence or a misplaced or improperly decommissioned device (laptop hard drive, backup tape, flash drive).
Even if a company can contain a breach, the incident can have significant financial consequences and damage the business’s reputation. A 2019 Ponemon Institute report found that, on average, it takes 46 days for a publicly traded company to recover its stock price after a data breach.
The cost of a data breach can also be passed on to consumers and investors. In addition, a company that suffers a data breach may face fines and legal implications from increasingly strict privacy regulations, such as the GDPR and the California Consumer Privacy Act.
Once a data breach is discovered, the organization must notify the individuals whose personal information was exposed. Notification requirements vary by state, but most require a time-sensitive notification and a risk-of-harm assessment. People whose names, addresses, family composition, medical records, credit card information and social security numbers are compromised can be subjected to identity theft, fraud, and other crimes. To minimize these risks, make sure that you have proper data segmentation in place.