
An explanation of data breaches

In this video, Informa TechTarget customer success specialist Ben Clossey explains what happens when a data breach occurs and the different forms breaches can take.

Malicious or not, data breaches are serious business.

A data breach occurs when sensitive, protected or confidential data is accessed, released or stolen without authorization. It can affect personal information, such as credit card numbers, Social Security numbers or medical records; or corporate data, such as trade secrets and customer information.

Data breaches might occur due to a variety of causes, including cyberattacks, human error or even the physical theft of hardware, which we'll get into in this video.

While there are many different types of data breaches, they can almost always be attributed to a security weakness. This weakness can either be exploited by a hacker with malicious intent or just exposed through daily operations or human error.

The most common causes of a data breach, considering the current cyber landscape, include the following:

  • Accidental leaks, such as those caused by configuration mistakes or lapses in judgment when handling data.
  • Data in transit, which might be intercepted if not encrypted.
  • Phishing and other social-engineering attacks that trick a user into giving an attacker access.
  • Password cracking, especially if a system allows unlimited password attempts.
  • Physical data breaches, such as when an attacker accesses the physical location of data, for example by finding or stealing a USB drive or laptop.
  • A lack of access controls, providing an easy entry point for unauthorized access.
  • Backdoors or undocumented ways to enter a network.
  • Insider threats, meaning employees who have legitimate access and abuse it.

Once a breach is detected, organizations are often legally required to notify affected individuals, regulators and sometimes the public. The laws governing these notifications vary by jurisdiction.

For example, the EU's GDPR mandates that individuals be informed within 72 hours of a breach involving personal data. In the U.S., all 50 states and multiple territories have data breach notification laws for breaches involving personally identifiable information, or PII. The specifics of these laws vary by jurisdiction.

Data breaches can have severe consequences.

For individuals, they can result in identity theft, financial loss, and damage to personal reputation.

For organizations, data breaches can lead to any or all of the following:

  • The financial costs of remediation, legal fees and regulatory fines.
  • Reputational harm.
  • Customer loss.
  • Long-lasting brand damage.

To mitigate the risk of a data breach, organizations should implement comprehensive security measures such as strong encryption, regular vulnerability assessments, employee training, incident response plans, regular data backups and proactive recovery planning.

Do you feel prepared against a data breach? Why or why not? Share your thoughts in the comments, and remember to like and subscribe, too.

Sabrina Polin is a senior managing editor of video content for the Learning Content team. She plans and develops video content for Informa TechTarget's editorial YouTube channel, Eye on Tech. Previously, Sabrina was a reporter for the Products Content team.
