What is a Data Breach?
A data breach occurs when confidential, private or protected information is copied, transmitted, viewed, stolen, altered or used by an individual not authorized to do so. It can also be known as unintentional information disclosure, information leak or data spill.
When a company experiences a data breach, it can have serious consequences. Consumers will stop purchasing from that business and will move to a competitor that takes security seriously. It can cost the company money, as well as damage its reputation and lead to legal action.
A number of large companies have experienced data breaches in recent years. For example, dating website Ashley Madison was hacked in 2015 and the customer details were leaked onto the internet, leading to extortion attempts against people whose names were revealed. Facebook suffered a data breach in 2018 when internal software flaws allowed hackers to access 29 million users’ personal details, including names, email addresses and passwords. In the case of Equifax, a 2017 hack saw them lose data from 147 million customers, including their names, addresses, Social Security numbers, dates of birth and drivers’ licences.
A common cause of a data breach is a malicious insider. This is an employee who has unauthorized access to data and shares it with third parties for their own benefit, such as using it to commit financial fraud or embezzlement. Other causes can include human error, such as a worker carelessly leaving a laptop in a public place (for example Apple’s 2011 data breach when Gizmodo got its hands on prototypes of the next-generation iPhone). Ultimately, a business must have a clear plan to respond to a cyber attack, and this includes notifying all affected individuals.