What is a Data Breach?
A data breach occurs when sensitive or confidential information is stolen or taken from a system without the knowledge or permission of its owner. This can include confidential customer data, trade secrets, matters of national security or financial information. A breach may also expose information such as usernames and passwords, personal details, addresses or medical records.
Hackers use a variety of tactics to access and steal confidential information, including malware such as ransomware, spyware or keystroke loggers. Attackers also exploit vulnerabilities in IT assets such as websites, operating systems and endpoints to gain entry to a network. Once inside, they can install software such as a Trojan horse or backdoor that gives them persistent unauthorized access to a system or lets them retrieve data from other devices connected to the network, such as laptop hard drives or USB sticks.
Employee errors and negligence
Cybercriminals take advantage of employees’ mistakes, such as weaknesses in authentication and authorization controls, information stored in unsecured locations, or misplaced data-carrying devices such as laptops or USB sticks. They may also gain access during IT failures, using events such as temporary system outages to breach a company’s defences.
As a controller, you are obliged to report certain personal data breaches to the relevant supervisory authority, and where there is a high risk that a breach will adversely affect individuals’ rights and freedoms, you must also inform the affected individuals. You must have robust breach detection, investigation and internal reporting procedures in place to help you make this decision.