BotNet News

Your source for Online Security News

Data Breach happens when confidential, private or protected information is exposed to a person or entity that does not have authorization to access it. This can be the result of cyber criminal activity, or an accident. Many countries have passed laws requiring companies to notify consumers and remediate breaches when they occur.

The most common type of data breach is an external hack. These include brute force attacks, where hackers use special software to guess network passwords, or crack weak ones in under a minute. These attacks can expose the PII of hundreds of millions of people. In 2018, for example, diet and exercise app MyFitnessPal suffered a breach that exposed 144 million unique email addresses and IP addresses. Credit reporting agency Equifax suffered a similar problem, and had to ask all of its 145 million American customers to change their passwords.

Malicious actors can also target a company for its intellectual property, such as research, product designs or source code. They may be state sponsored, hired by a competitor or simply independent opportunists. During the coronavirus crisis, for example, malicious actors were targeting companies for their vaccine secrets.

An insider breach is when an employee or third-party contractor exposes sensitive information on purpose, often with criminal intent. The most notorious insider breach is that of the IT networking company Cisco Systems, when a disgruntled former employee was found to have intentionally leaked sensitive information about their colleagues and customers.