BotNet News

A data breach is unauthorized access to, modification of or deletion of personal information. This can be anything from a single name and date of birth to financial information or health records protected by regulations such as HIPAA.

A breach can be caused by many factors including human error, cyberattacks or accidental data loss. For example, employees can accidentally expose information by storing it in unsecure locations or misplacing devices with sensitive information saved on them. IT failures such as misconfigured servers and unpatched vulnerabilities also contribute to breaches. And sometimes data is stolen from company offices in the form of paper documents, physical hard drives or skimming devices on credit and debit card readers.

The impact of a breach on individuals depends on the type and severity of information accessed. For example, thieves who have obtained names and Social Security numbers can use them to sign up for accounts in their name or commit tax identity theft. If the impact is severe, you will need to inform people so they can take steps to limit damage from the breach.

It’s also important to determine your legal requirements for notifying individuals if their data is exposed. Most states and Canada have laws requiring companies to inform customers of security breaches that affect their personal information, with some having additional rules for financial services or specific types of data. Criminals can also exploit high profile breaches (while they are fresh in people’s minds) to target individuals with phishing messages.