A data breach is a cybersecurity incident where someone accesses a system to view or copy sensitive or private information without authorization. Hackers can infiltrate an organization by taking advantage of human error, but some are skilled enough to break even the most secure systems.
A single data breach can impact a massive amount of people — for example, Yahoo’s three billion user accounts — and/or have long-lasting consequences when the information released is highly sensitive, like in the 2017 Equifax breach.
Once the data is out on the web, it’s hard to put the toothpaste back in the tub. As a result, companies that suffer a breach will often offer free credit monitoring services for affected customers, which contributes to the overall cost of data breaches.
Read on to learn more about data breaches, how they happen and the steps we should all take to protect ourselves.
Table of Contents
What is a data breach?
A data breach happens when someone accesses a network and views or copies an organization’s data without authorization. Cyberciminals target businesses or government organizations that hold valuable data such as names, credit card numbers, social security numbers, trade secrets or customer information. They will then sell this confidential or proprietary information on the dark web or sometimes hold it hostage until the organization pays a ransom.
Other times the goal of the attack is to affect an organization’s day-to-day operations by flooding a system to render it inoperable.
The damage caused can impact both the business and its clients for years to come. The companies impacted by a breach, can end up spending millions in repairing damaged systems and reputations. While large organizations may be able to come back from such a financial loss, for many small businesses, it could mean the end of the road.
Although corporations are the targets of data breach attacks, individuals can be impacted if the breach includes sensitive information about employees, customers or users. Once this information is leaked or sold, affected individuals could become victims of identity theft. Most will have to monitor their credit closely or invest in credit monitoring services to spot and curtail this type of fraud quickly.
(If you want to learn more about this type of fraud and what you can do to prevent it, read our articles on how to protect yourself from identity theft and the best identity theft protection services.)
How does a data breach happen?
While we tend to associate data breaches with a hacker bypassing an operating system’s security, data breaches can also happen on a smaller scale. For example, a lost laptop or stolen hard drive can result in the theft and leaking of personal information.
But if you tend to associate data breaches with cyber attacks, there’s a good reason for it: these are, by far, the most common method criminals use to steal massive amounts of valuable information.
This might happen because, overall, technological innovation sometimes outpacse the security infrastructure that should go alongside — this can leave businesses, organizations and individuals exposed to malicious software, also known as crimeware.
Among the most common types of crimeware, there is:
- Phishing: Phishing is a type of social engineering attack where criminals trick users into divulging their financial information or giving hackers access to a system. Phishing attacks involve texts or emails where a hacker impersonates another individual or company, and includes a malicious link. Once the user clicks the link, they could be exposed to malware that either hijacks their system or copies sensitive information.
- Malware: Malware, short for malicious software, is software or code created to infect a system or network in a way that allows the hacker to steal information or hijack the system altogether.
- Ransomware: Ransomware is a computer virus designed to prevent organizations from accessing their files. Then, the attacker demands a ransom in exchange for restoring access.
- Distributed Denial of Service (DDoS): A DDoS is a type of Denial of Service (DoS) attack meant to render a network temporarily or indefinitely inoperable. This is often done by flooding the network or website with traffic until it crashes.
Types of data breach
As our daily lives grow increasingly more dependent on the digital, our vulnerability to these types of attacks increase.
But, even as new vulnerabilities emerge and hackers’ methods evolve, the ways in which they access your information remain pretty much the same. These can be physical, digital, skimming, keystroke recording and password guessing.
Type 1: Physical Breach
The name says it all: a physical breach involves the loss or theft of items that contain sensitive information. This can happen if someone steals a USB drive or your mail, or simply finds misplaced documents or an unsecured laptop.
Type 2: Digital Breach
These breaches involve technology, be it hardware or software. They can come from outsiders using malware to access networks or insiders who use their privileged access to copy information.
Type 3: Skimming
This happens when criminals install devices on ATMs, point-of-sale (POS) terminals, fuel pumps and any other type of card-reading device to record or copy card information from the magnetic strip on cards, along with the cardholder’s PINs. Criminals then create a copy of the card with this information.
With the increase in online shopping, criminals have also moved their skimming online. One such instance is e-Skimming or form jacking, where hackers insert malicious software into a legitimate website and copy a buyer’s personal and payment information.
Type 4: Recording Keystrokes
Cybercriminals can use either hardware or software to log or record a user’s keystrokes on a computer, phone or other electronic devices.
Many will either insert or send you a link (this is often done through a phishing email) which will download malware that records everything you type. In doing so, they’ll learn your username, passwords and any other sensitive information you input into your device.
Type 5: Password Guessing
This is one of the easiest types of data breach, because it doesn’t require hardware or complex software. This type of breach happens when people use simple (12345678) or easily guessable passwords (e.g. their birthdays or pet names) for their accounts. To breach accounts, cybercriminals can use brute-force attacks, that is, input password guesses based on your publicly available information hoping to eventually land on the correct one.
Data breach cost
To no one’s surprise, data breaches are expensive and becoming even more so by the day. According to the Ponemon Institute’s 2022 Cost of a Data Breach Report (sponsored by IBM Security), the average cost of a data breach is $4.35 million. This represents a 2.6% increase from last year and a 12.7% increase from 2020.
The study, which ran from March 2021 to March 2022, also found that 83% of the 550 organizations studied had more than one data breach.The most expensive breaches were in healthcare (with an average cost of $10.10 million), followed by financial organizations (averaging $5.97 million). Pharmaceuticals round out the top three at $5.01 million.
In addition to this, the study uncovers another concerning statistic: 60% of the organizations studied increased their prices as a result of breaches. In other words, data breach and prevention costs could result in even higher healthcare, banking and prescription medication costs.
What are the consequences of a data breach?
When an organization suffers a data breach, most of the obvious losses are financial, but there are other consequences as well.
Data breaches harm a business’ reputation and, often, the road back to consumers’ good graces can be long and arduous. A data breach may lead customers, afraid of another leak, to look elsewhere for the services they want.
For a small business, this could prove fatal. As the costs of these breaches continue climbing, small businesses could be forced to cut costs, lay off staff or, in worst-case scenarios, close up shop.
When it comes to government institutions, a breach can mean more than the loss of sensitive data. If a cybercriminal gains access to the network of a country’s critical infrastructure, it could have dire consequences on the power grid, communications apparatus or even affect the military response in the event of an emergency.
Preventing a data breach
Given just how costly a data breach can be, prevention not only protects our personal data from malicious actors but also protects our pockets.
1. Educate and train employees
Employees are often described as the first line of defense in preventing data breaches. Make sure all employees in your company are trained to spot the common types of cyberattacks and are also given the tools they need to prevent them (antivirus, password manager, VPN, for example).
Pro tip: Enforce “Bring Your Own Device” security policies where any outside or personal device used to access a network or system must have data security (VPN, antivirus, etc.).
2. Update and patch software
Keep your software up to date. This includes all software, not just firewalls, antivirus, anti-spyware programs. Software manufacturers frequently roll out patches and software updates to improve, among other things, security measures and patch up vulnerabilities. Switch on automatic software updates on all your applications so your entire system is always up to date.
Pro tip: Invest in a new device if yours is no longer supported by the manufacturer.
3. Encrypt data
Use high-grade encryption for your sensitive data. If you run a business, this is particularly important, as you’ll want to make sure to comply with both national and international privacy regulations.
Pro tip: Use a zero-trust network — this requires every user to authenticate their identity before granting access.
4. Create a response plan
One big factor that affects the cost of a data breach is the time it takes to catch and contain it. Having a solid incident response plan in place ensures that everyone knows what to do, who to contact and how to go about containing a breach as quickly as possible.
Pro tip: Evaluate and practice your response every six months to ensure the team knows what to do.
5. Use strong credentials and multi-factor authentication
The proverbial advice is to use unique, strong passwords for security, yet most of us tend to reduce, reuse and recycle passwords for convenience. Yet when it comes to cybersecurity, strong credentials, along with multi-factor authentication, work as the ramparts of your castle.
Pro tip: Use a password manager to simplify the process.
6. Conduct routine audits and evaluate security policy
Even if you have the best cybersecurity in place, you should routinely inspect and test your security infrastructure. This not only ensures your safeguards are up to date, but it will help you evaluate your team’s security awareness.
Pro tip: Consider hiring an auditing firm to conduct the evaluation.
Data breach check
By law, all U.S. states and territories require private businesses to notify individuals if their personally identifiable information (PII) has been involved in a data breach. However, you should still practice good cyber hygiene and check whether your data is part of a breach.
Cyber hygiene is the cybersecurity habits people and organizations should follow to protect the information contained in their digital devices. These steps typically include using antivirus software, having a password manager, choosing multi-factor authentication and keeping their devices’ software updated. There are also sites where you can input your email address or phone number to check if your PII has been involved in a breach.
In the past, a common way of preventing data breaches and identity theft was to change your passwords every 30, 60 or 90 days. However, this is no longer advised because changing passwords regularly led people to choose simple and memorable passwords, instead of complex ones that are harder to crack. This is why password managers are a safer bet, as they offer users a program that generates and stores passwords in an encrypted database.
What to do after a data breach
So you learned that your information was leaked in a data breach … What now?
When this happens, we recommend that affected individuals find out the type of information that was leaked, notify law enforcement, change all exposed passwords, set up a fraud alert and place a credit freeze by contacting the credit bureaus.
As for organizations, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (included in the Consolidated Appropriations Act of 2022) requires they report the data breach to law enforcement within 72 hours of discovering the breach.
Organizations must then notify their customers or users via email, phone or mail and post an announcement on their websites, in case customers did not receive the information.
The next step is to investigate the source of the breach and the type of data that was seen, stolen or deleted. Concurrently, organizations need to fix the security issue or vulnerability that led to the breach.
Lastly, entities should provide credit monitoring services for affected customers to help them deal with the possible fraud or identity theft they may experience as a result of the breach.
What is a Data Breach FAQ
What should a company do after a data breach?
Businesses must first secure their operations. This means assembling a response team (or mobilizing the one in place) to secure access points, learn what caused the breach and find out its extent. With the team in place, a company can begin fixing vulnerabilities, while simultaneously analyzing the flaws in its cybersecurity plan.
Additionally, companies are required by law to notify the authorities within 72 hours. They should also contact any service provider, partner, client or user affected by the breach.
How to avoid a data breach
Data breaches can’t be completely avoided, but there are steps companies can take to reduce the chances of becoming a victim. Organizations should have cybersecurity infrastructure in place to protect both its intellectual property as well as the personally identifiable information of its employees, users and/or customers.
A company’s cybersecurity is only as strong as its weakest user — this is why companies must also focus on educating its staff on how data breaches happen and how each individual can protect themselves.
Who is responsible for data breaches?
Most data breaches are the result of a targeted attack by cybercriminals. The Verizon Data Breach Investigations Report found that, in 2021, organized crime was responsible for 79% of attacks. The way these criminals gained access to sensitive data was through stolen credentials, phishing scams, exploiting security vulnerabilities or using botnets (robot network).
What is an example of a data breach?
In November 2021, the online stock trading app Robinhood, announced it experienced a data breach where a hacker used social engineering in order to steal personal information from millions of Robinhood users. In a blog post, the company announced that “based on [their] investigation, the unauthorized party obtained a list of email addresses for approximately five million people, as well as full names for a different group of approximately two million people.”
What is the difference between a data breach and identity theft?
A data breach happens when cybercriminals go after an organization’s or government agency’s data. Identity theft is when someone gains access to an individual’s personal information and uses it for personal gain. While both involve someone gaining unauthorized access to sensitive information, a data breach involves the data of many people rather than just one individual.
Data breaches can lead to identity theft when the breach includes the personal information (name, driver’s license numbers, bank account numbers etc.) of a company’s users, clients or customers.
Summary of Money’s What is a Data Breach
- A data breach is a security incident where someone accesses a system to view or copy sensitive information without authorization.
- Data breaches happen due to loss or theft, human error or targeted cyberattacks using malware, ransomware or phishing.
- The five main types of data breaches are: physical breach, digital breach, skimming, recording keystrokes and password guessing.
- When an organization experiences a data breach the consequences are mainly financial, but also include damage to the organization’s reputation and a loss of clients.
- The consequences of a data breach at a government entity can adversely affect a country’s critical infrastructure.
- The best ways of preventing a data breach are educating employees, updating software, encrypting data, creating a response plan, using strong passwords and conducting routine system evaluations.
- Everyone should check if they or their information have been part of a data breach.
- After a data breach, every organization should notify law enforcement, notify customers or users, investigate the source and extent of the breach and fix the security issue as quickly as possible.