What is a Data Breach?
A data breach happens when an organisation's systems are compromised by attackers who gain access to sensitive or confidential information. To bypass security controls, attackers may use social engineering, malware or phishing, or exploit unpatched software vulnerabilities. Once inside, they sell the data or use it themselves for identity theft, cyber warfare, corporate espionage or hacktivism. Financial gain is the top motive for most breaches, but attackers may also seek revenge or aim to damage an organisation's reputation.
In 2021, a law firm suffered a breach when one of its employees failed to recognise a phishing email and entered their login credentials into the fake website it linked to. Using those credentials, the attacker obtained a significant amount of data, including confidential information and scanned copies of ID documents. The firm reported the incident to the ICO (the Information Commissioner's Office).
The ICO determined that the incident was high risk for the individuals concerned, because the data would have made it very easy for a third party to contact them directly. The firm had also breached the Data Protection Act: where a breach is likely to result in a high risk to individuals, the organisation must inform those individuals without undue delay, and the law firm had not done so.
Generally, it is best to inform the individuals concerned about a data breach promptly, especially where there is an immediate risk of damage or distress to them. You should also document your decision-making during a breach, for example in an internal breach log that records the facts of the incident, its effects, the remedial action taken and the reasons for deciding whether or not to notify individuals. This record will help you if the ICO asks to see your rationale.