BotNet News

Your source for Online Security News

Data Breach

A Data Breach is a security incident in which confidential, sensitive or protected information is copied, transmitted, viewed, stolen or used by someone who is unauthorized to do so. This can be the result of a deliberate attack or an unintentional error or oversight by an employee or due to flaws and vulnerabilities in the infrastructure of an organization. Examples include lost devices like mobile phones, laptop computers and external hard drives that are left out in public or stolen by attackers or a lack of proper password enforcement for privileged accounts that allow cybercriminals to gain access to the entire network.

The consequences of a Data Breach vary depending on the severity and the type of information that is compromised, however most organizations experience financial loss and a loss of consumer or contributor trust. Some organizations may also face monetary punishment for non-compliance with data protection laws.

Most attackers look for a way to enter an organization’s systems through unprotected ports or protocols, unpatched vulnerabilities, or phishing campaigns that target employees and trick them into clicking on malicious links or attachments that download malware on their device. Once inside the system, attackers move laterally by compromising other user accounts and systems until they obtain the desired data or ransom is paid.

Most often, cyber criminals steal names, email addresses, usernames, passwords and credit card information. This allows them to breach other accounts, steal identities and ruin credit ratings or make fraudulent purchases. In one notable data breach, Yahoo was hacked and the attackers stole records on every single Yahoo user in the world.