What is a Data Breach?
Data Breach is an occurrence when sensitive or confidential information is transmitted, viewed, stolen or modified by an individual not authorized to do so. It is often associated with personal information such as names, email addresses, passwords and IP addresses or other data that can be used to identify an individual.
A data breach can be caused by an external attacker or by an employee of the business that owns the information. For example, an employee might mistakenly send data to the wrong email address, lose a mobile device that contains information or misconfigure a system to give outside hackers access to sensitive information. Hackers may also steal credentials that allow them to access a company’s network or find holes in a company’s security systems.
The most common consequences of a data breach are identity theft and the reputational damage that results from customers being told their personal data has been exposed to unauthorised individuals. Companies will likely see their customer numbers decline and their ability to attract new investment and employees may be hampered if the public perceives them as not taking data security seriously enough.
It is important to prepare for a potential data breach before it happens, by developing a detailed incident response plan. This should include things like who needs to be notified and what steps they will need to take. If you are unsure about how to get started, consider speaking with a specialist data protection advisor.