What is a data breach?
A data breach occurs when private, confidential or sensitive information is accessed or exposed without authorisation.
Data breaches can be accidental or intentional. An employee might mistakenly share sensitive files, or they could deliberately steal company data for personal gain. In the case of hacking-related breaches, cybercriminals infiltrate corporate databases to steal confidential information, often for financial, competitive or malicious purposes.
Commonly stolen data includes bank account details, credit card numbers, login credentials, social security/national insurance numbers and customer records. Cybercriminals often sell stolen data for profit or use it to launch further attacks.
What should a company do after a data breach?
After identifying a data breach, companies must first contain the breach to prevent further unauthorised access. This involves determining the source and extent of the breach, including the type of data compromised and the number of affected individuals. Once the breach is contained, the company should assess its impact and notify affected individuals.
Data breach laws and notification requirements
The requirements for data breach disclosures vary depending on the affected individuals’ location, the company’s location and industry, and the type of data compromised. Under GDPR in Europe, data controllers must notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals’ rights and freedoms. If the breach poses a high risk, affected individuals must also be informed without undue delay.
In the US, state data breach laws like California’s CCPA require that businesses notify affected residents “in the most expedient time possible and without unreasonable delay” if their unencrypted personal information has been acquired by an unauthorised person. If more than 500 residents are affected, a sample copy of the notification must be sent to the Attorney General.
Types of data breaches
Data breaches can stem from external attacks, insider threats or accidental exposure due to security oversights. Common types include:
- Targeted attacks – Cybercriminals exploit weaknesses in security to steal data from individuals or organisations. Common methods include sending fraudulent phishing emails or messages that trick users into revealing credentials or clicking malicious links, and exploiting vulnerabilities such as unpatched security flaws
- Loss or theft – Unsecured devices, such as lost or stolen laptops, phones or external drives, can expose sensitive data, and stolen credentials can also grant cybercriminals access to confidential systems
- Insider threats – Malicious insiders may steal or leak sensitive company information for personal gain or to harm the organisation
Examples of data breaches
Data breaches occur in various forms and impact organisations across different industries. Some notable examples include:
- Yahoo – Revealed in 2016 and 2017 and linked to state-sponsored activity, these breaches affected three billion user accounts, compromising a vast amount of personal information
- X (formerly Twitter) – The social media platform, X, has had multiple data breach events, with some of the more recent events in 2022 and 2023 involving the loss of millions of user records
- MOVEit Transfer – This breach was a widespread compromise in 2023, resulting from a vulnerability in the MOVEit Transfer file transfer software that affected numerous organisations and compromised the data of tens of millions of individuals
Preventing a data breach – Common causes and how to address them
Data breaches can damage businesses severely through financial losses, damage to reputation and regulatory penalties. Understanding their common causes is key to implementing effective prevention strategies.
- Phishing and social engineering – Attackers manipulate individuals to reveal sensitive information or click malicious links
  - Prevention: Regular security awareness training and email filtering tools to detect phishing attempts
- Weak passwords and access controls – Easily guessable passwords and inadequate access restrictions allow unauthorised access
  - Prevention: Enforce strong password policies requiring complexity and regular changes, implement multi-factor authentication (MFA) for all accounts and apply the principle of ‘zero trust’ or least privilege, limiting access to only what’s necessary
- Software vulnerabilities – Unpatched software and outdated systems create openings for attackers
  - Prevention: Establish a regular schedule for software updates and patches, use automated patch management systems and perform regular vulnerability scans
- Malware and ransomware – Malicious software can be used to steal data or to encrypt it in order to demand a ransom for its release
  - Prevention: Install and maintain robust anti-malware solutions, implement network segmentation to contain potential infections and create secure, offline data backups regularly
- Insider threats – Employees or contractors with malicious intent or those making unintentional errors can compromise data
  - Prevention: Monitor user behaviour for suspicious activities and create clear offboarding procedures to revoke access immediately when employment ends
- Lack of encryption – Unencrypted data is easily readable if intercepted
  - Prevention: Encrypt sensitive data both in transit and at rest, use secure protocols (HTTPS, SSL/TLS) for data transmission and implement robust key management practices
- Third-party vulnerabilities – Security weaknesses within third-party vendors that have access to your data can result in a breach
  - Prevention: Conduct thorough security assessments before engaging vendors, include security requirements in contracts and leverage threat intelligence to identify third-party security breaches
Additional best practices include conducting regular security audits and penetration testing, and leveraging threat intelligence to identify potential vulnerabilities and gain real-time insights into emerging threats. This enables organisations to stay ahead of attackers and proactively protect sensitive information.
Impact of data breaches
Data breaches have serious consequences for organisations that go far beyond the initial security incident. Financial impacts typically include immediate remediation costs, customer compensation, forensic investigations and implementation of enhanced security measures. Organisations also face potential regulatory penalties, with GDPR fines reaching up to €20 million or 4% of annual global turnover.
The reputational damage following a breach is often equally significant. When customer data is compromised, trust erodes, leading to measurable declines in customer retention and brand value.
There are also legal ramifications, as those affected may pursue class-action lawsuits seeking damages for exposed personal information. These legal proceedings can continue for years, creating ongoing financial uncertainty and management distraction.
Operationally, breaches can cause business disruption, forcing organisations to redirect resources toward containment and recovery efforts. This can impact critical business functions.
These combined effects highlight why proactive security measures and comprehensive incident response planning are vital.
Consequences of data breaches
When a data breach occurs, there are serious consequences in the form of financial loss, legal settlements, fines and reputational damage.
In 2017, Equifax, a major credit reporting agency, experienced a significant data breach due to an unpatched vulnerability in their system. This breach exposed the sensitive personal information of approximately 147 million individuals, including Social Security numbers, birth dates and addresses. As a result, Equifax faced a class-action settlement of up to $700 million, which covered remediation efforts, legal fees and compensation for affected individuals. The incident severely damaged Equifax’s reputation and eroded customer trust.
Similarly, hotel chain Marriott International was impacted by a data breach that exposed the personal information of approximately 383 million guests, including passport numbers and travel details. The breach led to fines under GDPR, including an £18.4 million penalty from the UK’s Information Commissioner’s Office. The incident also caused substantial reputational damage, particularly among loyal customers, and highlights the challenges of rebuilding trust after a major security lapse.
FAQs
What does it mean if you have a data breach?
A data breach means that sensitive, confidential or personal information has been accessed, exposed or stolen without authorisation. This can lead to financial loss, reputational damage and legal consequences for individuals and organisations.
What is considered to be a data breach?
A data breach occurs when protected information — such as personal data, financial records or company secrets — is accessed or disclosed without permission. This can happen due to cyberattacks, insider threats or accidental exposure.
What is an example of a data breach?
A common example is when hackers steal customer data from an online retailer’s database, exposing names, emails and payment details. Another example is an employee mistakenly sending confidential files to the wrong recipient.
What are the three kinds of data breaches?
The three main types of data breaches are:
- Confidentiality breach – Unauthorised access to sensitive data, such as personal records or trade secrets
- Integrity breach – Data is altered or tampered with, leading to misinformation or fraud
- Availability breach – Data is deleted or made inaccessible, often through ransomware or system failures
How Silobreaker helps
With the average cost of a data breach at over $4 million today, organisations need to be armed with the relevant intelligence to anticipate, monitor and prioritise the threats targeting their data, technology, assets and supply chain.
Silobreaker provides real-time threat intelligence by analysing millions of OSINT and dark web sources, as well as finished intelligence and data feeds. Its analytical tools help security teams investigate leaks and breaches affecting their industry, offering insight into the evolving threat landscape, key threat actors and emerging vulnerabilities.
Automated alerts help teams stay informed about phishing campaigns, exploited vulnerabilities, and other cyber threats, allowing for a rapid response to security risks. AI-enhanced report building provides key stakeholders with deeper visibility into threats, supporting proactive defence strategies and informed decision-making in security operations.
By consolidating intelligence in a single platform, Silobreaker enables you to assess risks in context, strengthening your organisation’s ability to prevent and mitigate attacks.
Learn more at www.silobreaker.com