What is a Data Breach?
A data breach occurs when personal or confidential information is exposed to unauthorized individuals or entities. This can include hackers, ransomware attackers and other malicious actors who gain access to the information by exploiting vulnerabilities in a company’s IT systems, employees or misplaced/improperly disposed of/lost devices. A data breach can result in theft of private data, identity theft, financial loss, regulatory investigations and loss of prospective business opportunities.
Hackers are in constant pursuit of new ways to steal valuable data that can be sold on the dark web. Technology innovation seems to outpace security upgrades, leaving holes for cybercriminals to exploit.
The 2017 Equifax breach compromised the personal details of 145 million Americans including their names, Social Security Numbers (SSN) and drivers’ license numbers. The data was exposed due to a website application vulnerability that allowed hackers to gain access.
Other prominent data breaches have included Sony Pictures Entertainment in 2014 where hackers leaked unreleased films and confidential emails from company executives. The dating site Ashley Madison was hacked in 2015, with customer information being released on the internet. This led to extortion demands from customers and even suicides in some cases.
If a company experiences a data breach, it’s important to work with forensics experts to analyze backup or preserved data. This will help to determine who had access at the time of the breach and whether they need to remain on your team. Also, take the time to examine service providers who may have been involved and make sure they are remediating vulnerabilities and providing secure environments for your organization.