What is Data Breach?
Data Breach occurs when sensitive information is accessed, transmitted or copied by an unauthorized individual or organization. This can include personal information such as credit card details and login credentials for email or social media accounts, business trade secrets or confidential company documents. Criminals use this information for financial gain, espionage and to harm individuals or companies.
To commit a data breach, hackers can target specific organizations by searching for weak spots in their security, such as unpatched software or vulnerabilities that can be exploited with phishing campaigns. They then plan an attack to take advantage of those holes, which often involves coercing employees to reveal their authorization credentials by sending them to a spoofed website or tricking them into clicking a link.
Once an attacker has a foothold inside a company’s network, they typically use privilege escalation to move around the system, searching for files or user accounts with access to the information they want. Then they either steal the file(s) for financial or other reasons, sell them on the Dark Web or contact an organization and demand a ransom.
A common reason for a data breach is an insider, whether it be a disgruntled current employee seeking a windfall or a malicious former one. A recent example occurred when Scotland’s national telehealth organization 24 NHS sent emails with staff medical records to the wrong people, leading to the disclosure of private health information. Another cause is the loss or theft of portable drives, office computers and other physical property. An accidental disclosure can also occur when IT staff accidentally expose a server to the Internet or when employees save sensitive information to non-secure locations.