What is a Data Breach?
A data breach is a security incident that occurs when sensitive, protected or confidential data is copied, transmitted, viewed, stolen or altered by an individual unauthorized to do so. Other terms for this type of incident include unintentional information disclosure, data leak, and data spill.
Criminals are always looking for ways to steal your personal data, whether it’s passwords to access your online accounts, credit card details to open new accounts in your name or health records to commit medical fraud. They can hack your company’s network, physically break into your office and steal hard drives, thumb drives or paper documents, place skimming devices on physical point-of-sale terminals to gather payment card data or simply try guessing your password using a litany of strategies (brute force attack, on-path attacks etc.) until they get lucky and crack your password.
Cybercriminals can also use data breaches to sell your private information. For example, Collection 1 — an online dump of 340 million email addresses and more than 27 billion passwords — was sold for about 0.0014 cents a record.
Once a business or organization experiences a data breach, it must notify those whose information was exposed, investigate the source of the data leak, and fix the security issue that caused the breach. In addition, affected individuals may need to be offered credit monitoring services or paid compensation. The cost and time to perform these tasks can be significant. Then there’s the damage to a company’s reputation and the drop in its share price that can follow.