What is a data breach and how to prevent it?
We keep hearing the term “data breach” and learn that yet another company suffered a security failure. But do we know what that actually means for our data? How does it affect us? The following article will answer the fundamental yet critical question: What should I know about data breaches?
What is a data breach?
According to GDPR, which can be considered the data privacy standard and dictionary nowadays, the definition of a data breach is “a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
In other words, a data breach is a security issue in which the data collected and used by a company regarding its own conduct or the customers using its services is exposed. The data may be published online or traded on the dark web, causing severe damage. A data breach is not to be confused with a data leak, in which there’s no deliberate attack, and unprotected information accidentally finds its way to unwanted hands.
As more information goes digital, the number of data breaches soars. That’s why it’s no wonder that due to remote work and lockdowns during the Covid-19 pandemic, the cost of US data breaches hit an all-time high. Ransomware incidents increase by more than 350% each year, leading the US to declare cybersecurity a top national priority.
Data breaches aren’t discovered and mitigated easily. Research shows that it takes an average of 228 days to identify a breach and additional time to handle it. The crisis caused by a breach can take years to overcome, and some companies or individuals may never fully recover from it.
What can cause a data breach
Different factors may lead to a data breach, and hackers can be pretty inventive.
- System vulnerabilities: Companies that fail to protect their servers leave holes for hackers to exploit. Poorly written applications and network systems offer a “trapdoor” entry point to attackers.
- Personal attacks: Some attacks target the human factor, which can be a private customer or a company executive, an approach also called social engineering. Hackers may execute a phishing attack and send a malicious link disguised in what seems like a regular email or message. This will offer access to the company’s systems or the users’ assets. Such attacks also include exploiting weak passwords and using fake websites and forms to commit payment fraud.
- Stolen or lost devices: Hackers may get their hands on mobile or PC devices that can be accessed and used to commit a breach. These incidents may lead to a chain of attacks when users’ accounts are used to contact and harm additional participants.
The above options are just the tip of the alarming iceberg. Hackers are constantly coming up with new ways to attack companies and users.
Famous data breach examples
Data breaches happen all the time, but some incidents stand out because they involve familiar names, include an unusual amount of data, or carry heavy consequences for people and businesses alike.
- Yahoo: More than a billion user accounts were breached when the company’s database was attacked in 2013. The information stolen included users’ names, email addresses, telephone numbers, passwords, answers to security questions, and more.
- Equifax data breach: The 2017 breach included Personally Identifiable Information (PII), exposing the data of 145.5 million US citizens and 15.2 million UK ones.
- Blackbaud: The bank details and private passwords of accounts used to raise donations were exposed, including key accounts at leading universities across the UK.
- Facebook: The tech giant is already in hot water when it comes to protecting user data. The recent breach that included the data of 533 million people in 106 countries sure isn’t helping anyone.
- Marriott: The hotel chain suffered a breach that, according to the UK’s Information Commissioner's Office, included the contact information and passport details of 339 million guests, leading to a fine of £18.4 million.
How to prevent a data breach
A data breach can cause severe damage, including legal costs in fines and lawsuits, brand and reputation damage, stolen private and business assets, and a trust crisis between users and the web. Here’s what you can do to prevent it.
- Choose a strong password that’s unique to that particular service, keep it well hidden or memorized, don’t share it with anyone, and change it every once in a while. Use additional authentication mechanisms like two-factor authentication when possible.
- Stay alert for any suspicious activity that may include strange correspondence, unfamiliar links, and anything that might indicate a possible phishing scam. Contact your company’s IT team for help, and don’t give away sensitive information if you’re unsure.
- Use the latest security technology for your business and home. This investment goes a long way.
- Only share your information with services that offer real value and use sufficient security measures. Once you’re done using a particular service, remove your data from their systems using Mine. Actively manage your data and minimize the risk of having it exposed following a data breach. Check out some of our other tips on protecting your privacy that we shared with Porch.com.
What to do if your data was breached
If you’re reading this, perhaps your data was already breached. After getting over the initial shock, here are a few quick actions you can take to minimize the threat.
- Look for updates from the breached company: Learn whether or not the breach was mitigated, how long it lasted, what information leaked, and what the company plans to do moving forward. Base your decision to remove or keep your account on these factors.
- Change your passwords: Create new passwords for the breached service and alter your security questions. If you use the same password for other services (which isn’t recommended), change them as well.
- Check your credit card and bank accounts: See if hackers found their way to your financial assets and submit a report if needed.
- Stay alert for identity theft: If anything seems out of the ordinary and you receive emails or notifications that you don’t remember signing up for, check to see if someone is using your information to commit fraud.
As you can see, there’s a lot to worry about but also plenty you can do to defend your personal information. If you want to start protecting your data right now, use Mine to delete any service you are not actively using and minimize the risk of your personal information being leaked.