What is a Data Breach?
A data breach, also known as a data spill or data leak, refers to an incident that involves the unauthorized or illegal viewing, access, or retrieval of data by a threat actor – a term used to describe an entity capable of potentially attacking an organization’s digital infrastructure or network. It is a type of security breach, carried out through hacking, malware, phishing attacks, or even physical theft of devices, that is specifically aimed at stealing data or publishing it to an unsecured or illegal location.
By definition, a data breach refers to gaining access to an entity’s information without authorization. Therefore, not all data breaches are intentional. In some cases, an accidental data breach may occur when protected data is inadvertently exposed. For example, an employee accessing confidential data they are not authorized to view is considered a data breach, regardless of whether the act was intentional or not.
Techopedia Explains the Data Breach Meaning
A data breach occurs when an unauthorized entity – or threat actor – accesses a secure database or repository. Data breaches are typically geared toward logical or digital data and are often conducted over the Internet or a network connection.
A data breach may result in data loss, including financial, personal, and health information. A hacker may also use stolen data to impersonate a legitimate user and gain access to a more secure location. For example, a data breach of a network administrator’s login credentials can result in access to an entire network.
How a Data Breach Happens
Data breaches happen when threat actors exploit vulnerabilities in computer systems, networks, or human behavior. For instance, unpatched systems or misconfigured firewalls can contain known security flaws that attackers exploit, or attackers may use phishing emails to deceive users into clicking on malicious links.
Any information that is considered sensitive or valuable can be targeted. This varies based on the motives of the threat actor and the type of data the targeted individual or organization stores.
Types of data targeted:
- Examples: User names, passwords, and other account credentials. Targeted for: Gain unauthorized access to accounts.
- Examples: Fingerprints, iris scans, facial recognition data. Targeted for: Gain unauthorized access, identity theft.
- Examples: Credit card numbers, CVVs, financial records, bank account numbers, cryptocurrency transactions. Targeted for: Financial gain.
- Examples: Location data obtained from mobile devices. Targeted for: Tracking, surveillance, unauthorized targeted advertising.
- Examples: Health insurance details, medical records. Targeted for: Identity theft, insurance fraud, extortion.
- Examples: Proprietary information, trade secrets, research and development data. Targeted for: Disrupt operations or gain a competitive advantage.
- Examples: Emails, text messages, instant messages. Targeted for: Personal information, confidential business information.
- Examples: Names, addresses, date of birth, social security and other government-issued identification numbers. Targeted for: Identity theft, fraud.
Data Breach Phases
Cybersecurity company Palo Alto Networks breaks down the different stages of the cyberattack lifecycle into six phases: reconnaissance, weaponization and delivery, exploitation, installation, command and control, and actions on the objective.
- Reconnaissance: Attackers gather information about the target, identify potential vulnerabilities, research the target’s infrastructure, and gather intelligence about employees or systems.
- Weaponization and Delivery: Attackers prepare exploits and deliver them to the target environment. This may involve phishing emails or leveraging known software vulnerabilities to deliver malicious payloads.
- Exploitation: Once the malicious payload is delivered, attackers exploit vulnerabilities to gain initial access. This may involve exploiting unpatched software or using stolen credentials.
- Installation: After gaining access, attackers install backdoors, malware, or use other tools to establish persistence within the compromised environment.
- Command and Control: With persistence established, attackers set up command and control infrastructure to remotely manage and control the compromised systems.
- Actions on the Objective: In this final phase, attackers move on to the objective, which may involve stealing files, accessing databases, disrupting operations, or causing other harm to the target.
Data Breach Methods
Cybercriminals use a variety of methods depending on their objective (e.g., stealing files, accessing databases, disrupting operations).
Common data breach methods include:
- Cyber attacks
- Data interception
- Hacking
- Insider threats
- Malware
- Phishing
- Physical theft
- Social engineering
Verizon’s 2023 Data Breach Investigations Report states: “The three primary ways in which attackers access an organization are stolen credentials, phishing and exploitation of vulnerabilities.”
The report also revealed that “74% of all breaches include the human element, with people being involved either via Error, Privilege Misuse, Use of stolen credentials or Social Engineering.”
How to Prevent a Data Breach
Some steps organizations can take to reduce the risk of a data breach and protect sensitive information from unauthorized access include:
Data Breach Examples
Equifax experienced a breach that exposed the personal information of approximately 145 million people. The breach occurred due to a vulnerability in Equifax’s website software, which allowed attackers to access sensitive data, including names, SSNs, and driver’s license numbers.
Internal software flaws led to the loss of 29 million Facebook users’ personal data. The compromised accounts included that of company CEO Mark Zuckerberg.
A Microsoft employee shared a URL that included an SAS token for an internal storage account, which had excessive privileges that allowed access to information. The account contained 38TB of private data, including a disk backup of workstation profiles for two former employees. The backup included private keys, passwords to Microsoft services, and more than 30,000 internal Microsoft Teams messages from 359 employees. The security threat was not identified until June 2023.
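A defender-side check for the kind of shared-link exposure described above, as an added example that is not part of the original article: it scans text for Azure SAS URLs and flags tokens with permissions beyond read/list, account-level scope, plain HTTP, or a long lifetime. The sample URLs, the account name, and the 7-day lifetime threshold are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

READ_ONLY = set("rl")  # SAS permission letters: r = read, l = list
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample text, not real data; signatures are placeholders.
SAMPLE = """Download: https://exampleacct.blob.core.windows.net/models?sv=2020-08-04&ss=b&srt=sco&sp=rwdlac&se=2040-01-01T00:00:00Z&spr=https&sig=PLACEHOLDER
Docs: https://exampleacct.blob.core.windows.net/docs/guide.pdf?sv=2020-08-04&sr=b&sp=r&se=2023-06-03T00:00:00Z&spr=https&sig=PLACEHOLDER
"""
NOW = datetime(2023, 6, 1, tzinfo=timezone.utc)  # fixed clock for the sample

def find_sas_urls(text):
    """Return URLs whose query string carries a SAS signature (sig=)."""
    return [u for u in URL_RE.findall(text)
            if "sig" in parse_qs(urlsplit(u).query)]

def audit_sas_url(url, now, max_lifetime=timedelta(days=7)):
    """Return findings for one SAS URL; an empty list means nothing flagged."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    extra = set(q.get("sp", "")) - READ_ONLY
    if extra:
        findings.append("permissions beyond read/list: " + "".join(sorted(extra)))
    if "srt" in q:  # srt (resource types) appears only on account-level SAS
        findings.append("account-level SAS (not scoped to one container or blob)")
    if q.get("spr", "https,http") != "https":  # omitted spr permits HTTP too
        findings.append("plain HTTP allowed")
    expiry = q.get("se")
    if expiry is None:
        findings.append("no expiry in token (check stored access policy)")
    else:
        dt = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        if dt.tzinfo is None:  # date-only expiry values are treated as UTC
            dt = dt.replace(tzinfo=timezone.utc)
        if dt - now > max_lifetime:
            findings.append(f"expires in {(dt - now).days} days")
    return findings

if __name__ == "__main__":
    for url in find_sas_urls(SAMPLE):
        print(url.split("?")[0], audit_sas_url(url, NOW))
```

Run over repositories, wikis, or chat exports, a check like this surfaces over-privileged links before they are shared outside the organization.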
The company discovered the intrusion while monitoring account activity following a smaller January incident that affected about 15,000 accounts. The streaming media firm suspected the logins had been stolen from a third party, the hallmark of a “credential stuffing” attack.
Data Breach Legal Considerations
Legal considerations surrounding data breaches are crucial for organizations, not only for compliance with federal regulations but also to safeguard their reputation and financial interests.
Key considerations include:
- Contractual Obligations: Adherence to contractual obligations with third parties, such as vendors, partners, or customers, governing data handling and protection.
- Data Protection Laws: Compliance with relevant data protection laws and regulations, which impose requirements for protecting personal data and outline obligations for breach notification.
- Data Breach Notification: Understanding jurisdiction-specific laws regarding breach notification obligations, including timelines and requirements, and vulnerability disclosure.
- Liability: Potential legal liability and lawsuits from affected individuals, customers, or regulatory authorities in the event of a data breach.
- Regulatory Investigations: Possibility of regulatory investigations to assess compliance with data protection laws and regulations.
The Bottom Line
The impacts of data breaches are far-reaching, affecting not only the organization involved but also its customers, partners, and its broader ecosystem. Legal considerations are crucial – organizations must comply with relevant data protection laws and notification requirements in the event of a breach.
However, there are many steps an organization can take to reduce the risk of a data breach and protect data from unauthorized access. Implementing risk management practices such as conducting risk assessments, developing incident response plans, maintaining ongoing security measures, and providing employee training on best practices is essential for mitigating the legal risks associated with data breaches.