What Is a Data Breach? How They Happen and How to Stop Them

A data breach is the unauthorized access and exposure of an organization’s private information. Data breaches are often the result of a cyberattack, and they represent an enormous security risk to both individuals and organizations.

Breached data can include proprietary company data like financial reports and trade secrets or customer info like credit cards and social security numbers. They’re potentially extremely costly to companies, both financial and reputational.

Learn how and why data breaches happen, why they’re so costly, and how to recover from and prevent them.

There are several potential causes for a data breach:

• Cyberattacks: Web application attacks, social engineering, and system intrusions are the entry point for most data breaches.

• Lost devices: A misplaced or stolen computer or hard drive can provide a doorway for a data breach if found by the wrong person.

• Human error: Accidentally misconfiguration or exposing sensitive data leads to possible breaches.

• Privilege misuse: Insider employees–whether accidental or malicious–can cause data breaches with their ability to access sensitive information.

According to Verizon’s 2021 Data Breach Investigations Report, social engineering is the primary driver of data breaches–it’s involved in nearly 40% of these incidents. Phishing, business email compromise, and ransomware are the primary methods used in socially engineered data breaches.

Data breaches cost companies $4.24 million per incident, according to IBM's cost of data breach study. On the higher end, so-called mega breaches involving 50 to 65 million records cost exponentially more, with average costs reaching $400 million.

Data breaches are so expensive due to a few factors:

1. Many data breaches involve ransomware attacks. Companies have to pay a costly ransom before they can access their breached data.

2. Identifying and assessing a data breach is expensive. Responding to data breaches requires audits, notifications, and technical fixes. This all costs quite a bit to implement.

3. Remote work leads to costlier breaches. The IBM study found that breaches involving remote working cost companies about $1 million more compared to breaches without remote operations. Companies that have not modernized in response to the remote switch are especially at risk.

4. Addressing a data breach takes time and effort. The IBM report found that data breaches took 212 days to detect and 75 to contain. The time spent responding to a data breach is time a company can’t spend on growing its business.

5. Data breaches damage company reputation. With vendor compromise and supply chain attacks representing an enormous risk, companies with data breaches can lose business.

If your company is hit with a data breach, there are some immediate steps you should take.

First, stop the spread. Isolate impacted systems and lock any accounts that were compromised or used to access data.

Second, identify the cause of the compromise. Whether it’s due to faulty data storage, a successful phishing attack, or simply a lost laptop, you can’t recover from a data breach until you know how it happened.

Next, bring in all relevant stakeholders. That includes decision makers from the C-suite, security, IT, legal counsel, and PR departments. A serious data breach requires a top-to-bottom response, both internally and externally.

You’ll need to conduct a forensics investigation to further understand the cause and spread of the breach. And you’ll need to alert parties impacted by the breach. Depending on your jurisdiction and the nature of the breach, there are certain regulations to follow. This is where legal counsel comes in.

Finally, be patient.Data breaches can take several months to identify and recover from. It’s not a quick process.

The quick answer: preventing a data breach starts with strong, comprehensive security.

The IBM data breach study found that companies with these features fared considerably better after a breach:

• Security analytics

• AI detection technology

• Encryption

• Zero trust strategy

• Automation

Incorporating these features helped companies avoid breaches in the first place. And if a breach happened despite the security measures, IBM reported that companies saved $1.5 to $3 million recovering from the beach, compared to companies without such security features.

The lesson: adopt modern security technologies, and assess and audit them annually. The IBM report found that stolen user credentials are the most common cause of data breaches. Modern email attacks like phishing, business email compromise, and supply chain attacks rely on social engineering to trick victims into giving up credentials.

The severity of a data breach depends on the type of data you collect, how you store that data, and who has access to it. Restrict data access to a need-to-know basis, and gate it behind secure passwords, authentication, and encryption.

A data breach often involves malicious, intentional actions to access secured data. That includes cyberattacks like phishing and ransomware.

A data leak, on the other hand, is usually the result of an accident, where data is unintentionally exposed. This can happen with poor data security and sanitization, outdated systems, and a lack of employee training.

The line between data breaches and leaks is blurry. The conditions that allow cyberattackers to conduct a successful data breach are often present in data leaks.

While several data breaches have made the news in recent years, a few stand out due to their severity and size:

• Equifax: A server exploit led to a breach of credit reports from over 140 million people. The breach took a few months to identify and shut down. Equifax eventually settled with the FTC on a fine of $575 million.

• Yahoo: Yahoo has the unfortunate distinction of falling victim to two of the largest known data breaches. In 2013, hackers stole account details for 3 billion users, including unencrypted security questions and answers. A year later, hackers stole data from 500 million accounts. Names, birthdays, email addresses, hashed passwords, and security questions and answers were part of the breach.

• Marriott: The hotel chain saw about 383 million customer records accessed in a hack. This breach included passport numbers (encrypted and unencrypted) and payment card details. Authorities allege the hack came from Chinese government-sponsored cyberattackers as part of an intelligence-gathering campaign.

These are three notable examples, but there are hundreds more.

The rapid transition to remote work opened doors for attackers to breach data. Employees now access sensitive data from unsecured personal wifi rather than secured office networks, for example. The increased adoption of collaborative tools for remote workers brings unforeseen vulnerabilities. These conditions are ripe for a data breach, whether malicious or accidental.

It’s not just remote work. Data breaches are lucrative, especially when they involve ransomware, and ransomware attacks are growing in cost and scale. The bottom line: accessing private data can pay well, and ransomware groups are motivated by money.

Finally, don’t underestimate the power of human error. Whether it’s ignoring old security vulnerabilities, using weak passwords, losing a company device, or falling for a phishing scam, human error is a major factor in data breaches.