Data Breach

A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. A small company or large organization may suffer a data breach. Stolen data may involve sensitive, proprietary, or confidential information such as credit card numbers, customer data, trade secrets, or matters of national security.

The effects brought on by a data breach can come in the form of damage to the target company’s reputation due to a perceived ‘betrayal of trust.’ Victims and their customers may also suffer financial losses should related records be part of the information stolen.

Based on the number of data breach incidents recorded between January 2005 and April 2015, personally identifiable information (PII) was the most stolen record type while financial data came in second.

Breach methods observed across industries

Most data breaches are attributed to hacking or malware attacks. Other frequently observed breach methods include the following:

  • Insider leak: A trusted individual or person of authority with access privileges steals data.

  • Payment card fraud: Payment card data is stolen using physical skimming devices.

  • Loss or theft: Portable drives, laptops, office computers, files, and other physical properties are lost or stolen.

  • Unintended disclosure: Through mistakes or negligence, sensitive data is exposed.

  • Unknown: In a small of number of cases, the actual breach method is unknown or undisclosed

Phases of a Data Breach

  • Research
The attacker, having picked a target, looks for weaknesses to exploit: employees, systems, or the network. This entails long hours of research on the attacker’s part and may involve stalking employees’ social media profiles to find what sort of infrastructure the company has.
  • Attack

Having scoped a target’s weaknesses, the attacker makes initial contact either through a network-based or social attack.

In a network-based attack, the attacker exploits weaknesses in the target’s infrastructure to instigate a breach. These weaknesses may include, but are not limited to SQL injection, vulnerability exploitation, and/or session hijacking.

In a social attack, the attacker uses social engineering tactics to infiltrate the target network. This may involve a maliciously crafted email sent to an employee, tailor-made to catch that specific employee’s attention. The email can phish for information, fooling the reader into supplying personal data to the sender, or come with a malware attachment set to execute when downloaded.

  • Exfiltrate
Once inside the network, the attacker is free to extract data from the company’s network. This data may be used for either blackmail or cyberpropaganda. The information an attacker collects can also be used to execute more damaging attacks on the target’s infrastructure.

Reported Data Breaches




Number of Records Stolen

Between 2013 and 2014


Email service provider


October 2016

Adult Friend Finder

Adult website


May 2016


Social media website


Between 2007 and February 2013


Credit bureau




Social media website


February 2018

Under Armour/MyFitnessPal

Fitness mobile app


Between May and July 2017


Information solutions company


May 2014


Online auction website


March 2008

Heartland Payment Systems

Credit and debit processor


December 2013




17-19 April 2011
(discovery date)

Sony PlayStation Network

Electronics firm


17 February 2012


Internet portal and email service provider


December 2006

TJX Companies



October 2017


Genealogy-testing service provider






July 2014

JP Morgan & Chase

Investment banking firm

(76,000,000 consumers; 7,000,000 small businesses)

February 2015


Health insurer



National Archive and Records Administration

Government agency




File-sharing and hosting service provider




Short-blogging website


Top 20 breach victims based on number of records stolen

Data Breach Laws

Data breach legislation differs in every country or region. Many countries still do not require organizations to notify authorities in cases of a data breach. In countries like the U.S., Canada, and France, organizations are obliged to notify affected individuals of a data breach under certain conditions.

Read more: Global Guide to Data Breach Notifications 2016
Read more: Aligning with the GDPR: Data Breach Prevention and Notification

Best Practices

For Enterprises

  • Patch systems and networks accordingly. IT administrators should make sure all systems in the network are patched and updated to prevent attackers from exploiting vulnerabilities in unpatched or outdated software.

  • Educate and enforce. Inform your employees about the threats, train them to watch out for social engineering tactics, and introduce and/or enforce guidelines on how to handle a threat if encountered.

  • Implement security measures. Create a process to identify vulnerabilities and address threats in your network. Regularly perform security audits and make sure all of the systems connected to your company network are accounted for.

  • Create contingencies. Put an effective disaster recovery plan in place. In the event of a data breach, minimize confusion by being ready with contact persons, disclosure strategies, actual mitigation steps, and the like. Make sure that your employees are made aware of this plan for proper mobilization once a breach is discovered.

For Employees

  • Keep track of your banking receipts. The first sign of being compromised is finding strange charges on your account that you did not make.

  • Don’t believe everything you see. Social engineering preys on the gullible. Be skeptical and vigilant.

  • Be mindful of what you share on social media. Don’t get carried away. If possible, don’t reveal too much about yourself on your profile.

  • Secure all your devices. These devices include laptops, mobile devices, and wearables. Ensure that they are protected by security software that is always updated.

  • Secure your accounts. Use a different email address and password for each of your accounts. You may opt to use a password manager to automate the process.

  • Do not open emails from unfamiliar senders. When in doubt, delete suspicious-looking emails without opening it. Always try to verify who the sender is and the contents of the email before opening any attachment.