Data Breaches 101: How They Happen, What Gets Stolen, and Where It All Goes
Though people seem to have become desensitized to news of data breaches, protecting user data has become increasingly important as stricter regulations take effect. Companies that handle data belonging to European Union (EU) citizens are no longer just required to announce that their systems have been breached; under the General Data Protection Regulation (GDPR), they may also have to pay fines that can reach up to 4 percent of their annual turnover.
Just this year, big names such as Macy’s, Bloomingdale’s, and Reddit have joined the ever-growing list of breach victims. Compromised data is a subject that needs the public’s full attention. Data breaches can result in the loss of millions, even billions, of private records and sensitive data, affecting not just the breached organization, but also everyone whose personal information may have been stolen.
A data breach occurs when a cybercriminal successfully infiltrates a data source and extracts sensitive information. This can be done physically by accessing a computer or network to steal local files or by bypassing network security remotely. The latter is often the method used to target companies. The following are the steps usually involved in a typical breach operation:
The following table shows the 10 biggest breach incidents reported to date:
Company/Organization | Number of Records Stolen | Date of Breach |
---|---|---|
Yahoo | 3 billion | August 2013 |
Equifax | 145.5 million | July 2017 |
eBay | 145 million | May 2014 |
Heartland Payment Systems | 134 million | March 2008 |
Target | 110 million | December 2013 |
TJX Companies | 94 million | December 2006 |
JP Morgan & Chase | 83 million (76 million households and 7 million small businesses) | July 2014 |
Uber | 57 million | November 2017 |
U.S. Office of Personnel Management (OPM) | 22 million | Between 2012 and 2014 |
Timehop | 21 million | July 2018 |
The motive of a cybercriminal defines what company he/she will attack. Different sources yield different information. The following are examples of common targets with details on what kind of data was stolen:
Business
Medical/Healthcare
Government/Military
Banking/Credit/Financial
Educational
Based on the data stolen, here are specific types of information that are of value to cybercriminals. Hackers search for this data because it can be used to make money by duplicating credit cards and by using personal information for fraud, identity theft, and even blackmail. It can also be sold in bulk in Deep Web marketplaces.
End users are almost never the target of cybercriminals who are out to steal sensitive information in bulk, unless an individual is connected to an industry (see Spear Phishing). However, end users can be affected when their records are part of the information stolen from big companies. In such cases, it is best to take note of the following practices.