Data breaches are the direct result of unauthorized access to protected or sensitive information, ranging from intellectual property and company secrets to customer details. During such an incident, the data is stolen or exposed to a party that lacks the necessary access permissions.
Typically, cybercriminals target login data, personally identifiable information (PII), medical records, and banking-related details. The value of this data lies in how easily it can be monetized, either directly by selling it on underground markets or through identity theft, which is used for several types of fraud: phishing, account takeover, and the multiple forms of financial fraud.
Any organization or service can fall victim to a data breach, but those with a large consumer base make more attractive targets. Breaches commonly include names, email addresses, usernames, passwords, postal addresses, phone numbers, social security numbers (SSN) and credit card data (number, expiration date, CVV).
Usually, data breaches are the result of hackers taking advantage of various weaknesses: unpatched software with security vulnerabilities, easy-to-guess logins, malware attacks via social engineering (phishing), and misconfigured access controls. Attackers often cast a wide net, looking for exposed devices on the internet and hitting them with exploits for known vulnerabilities or trying to brute-force their way in.
External actors are not always responsible for a data breach and, while these events are a risk, their root cause is not always malicious. It is still considered a breach if an insider with improper access, or one using a computer belonging to someone with elevated privileges, views customer data or protected information.
At the other end, though, is the malicious insider, who accesses restricted data specifically for illegal purposes. Most of the time, this threat actor has legitimate access to the information and provides it to cybercriminals for a price.
Data breaches impact both the organization attacked and the consumer whose information cybercriminals may use for nefarious purposes. Penalties under data protection laws have increased. For some companies, the consequences may be so drastic that they are forced to permanently shut down their operations.
The experience may be no less dramatic for the victim user, either. Cybercriminals using personally identifiable data for nefarious purposes may drag the legitimate owner into legal or financial trouble. By impersonating you, they can get bank credit, contract services, or purchase goods in your name to support an illegal activity.
How does the world react to these breaches?
Data breaches are so common that a standard set of precautions and reactions has emerged to limit their negative outcome. Companies normally store and transmit customer data in a secure way (encrypted) and should notify you of security incidents impacting your information.
Immediately after getting a data breach notification, you should change your login password and make sure it is not used for any other online service. All passwords should be unique and include as many characters, of as many different kinds, as possible. Where possible, activate two-factor authentication.
Email addresses are regularly part of the information set exposed in a data breach. When a big incident of this kind affects a large organization, some scammers will try to take advantage and send out phishing messages to collect sensitive information.
When financial information is involved, you should monitor your credit accounts for suspicious activity. Breached companies often provide this monitoring for free, along with identity theft protection services. Freezing your credit is also worth considering, since it makes it more difficult for someone to open a line of credit under your name.