What is a Data Breach?
A data breach is the unintentional loss or theft of sensitive information, usually Personally Identifiable Information (PII) or corporate intellectual property. The consequences can be financial, legal, and personal for both individuals and businesses. They include loss of revenue, damage to reputation and customer trust, and restitution payments or fines from government agencies.
Cyberattackers typically steal data for financial gain. They target organizations with poor security measures or a known weakness. Attackers can gain access through infected emails or thumb drives, through phishing campaigns targeting employees with known vulnerabilities, or through malware attacks such as ransomware, which encrypts data and blocks access until a hefty fee is paid.
In one of the largest breaches in history, credit reporting firm Equifax left a database of more than 340 million records fully exposed online for anyone to see. This included PII such as name, address, phone number, social security number, date of birth, and other sensitive details. It also included lifestyle and demographic information that could be used in phishing and other scams.
Companies that discover a breach must notify affected individuals within a specific time frame. This usually requires an assessment of the risk of harm and a determination of whether it is appropriate to offer restitution or compensation. Companies must also report the incident to state authorities.