Data Breach

DEFINITION of 'Data Breach'

The unauthorized access and retrieval of sensitive information by an individual, group, or software system. A data breach is a cybersecurity mishap that happens when data, intentionally or unintentionally, falls into the wrong hands without the knowledge of the user or owner.

Also known as Data Spill or Data Leak.

BREAKING DOWN 'Data Breach'

The rising availability of data due to the increase of digital products has put an overwhelming amount of information in the hands of businesses. While some of the information is non-sensitive, a lot of it is proprietary and sensitive information about individuals and companies. The focus on technology-driven tools such as cloud computing platforms has also made information readily available, easily accessible, and effortlessly shareable at little cost. Companies share and use this data to improve their processes and meet the demands of an increasingly tech-savvy population. However, some miscreants seek to gain access to this information in order to use it for illegal activities. The rising number of data breaches recorded at companies across the world has put a spotlight on cybersecurity and data privacy, for which many regulatory bodies are issuing new laws.

A data breach can be carried out unintentionally or intentionally. An unintentional data breach occurs when a legitimate custodian of information, such as an employee, loses or negligently uses corporate tools. An employee who accesses unsecured websites, downloads a compromised software program on a work laptop, connects to an unsecured WiFi network, or loses a laptop or smartphone in a public location runs the risk of having the company’s data breached. In 2015, Nutmeg, an online investment management firm, had its data compromised when flawed code in the system resulted in the personally identifiable information (PII) of 32 accounts being emailed to the wrong recipients. The information that was sent out included names, addresses, and investment details, and put the account holders at risk of identity theft.

An intentional data breach occurs when a cyberattacker hacks into an individual’s or company’s system for the purpose of accessing proprietary and personal information. Hackers use a variety of ways to get into a system. Some embed malicious software in websites or email attachments that, when accessed, leave the computer system open to easy entry and give hackers access to its data. Some hackers use botnets, which are networks of infected computers, to access other computers’ files. Botnets enable the perpetrators to gain access to multiple computers at the same time using the same malware tool. Hackers may also utilize a supply chain attack to access information. When a company has solid and impenetrable security measures in place, a hacker may go through a member of the company’s supply chain network who has a vulnerable security system. Once the hacker gets into the member’s computer system, they can gain access to the target company’s network as well.

Hackers don’t have to steal sensitive information like Social Security Numbers (SSNs) all at once to reveal a user’s identity and gain access to that user’s personal profile. In the case of stealing information for identity theft, hackers with data sets of quasi-identifiers can piece together bits of information to reveal the identity of an entity. Quasi-identifiers like sex, age, marital status, race, and address can be obtained from different sources and pieced together to establish an identity. In 2015, the IRS confirmed that a data breach affecting over 300,000 taxpayers had occurred. The cybercriminals had used quasi-identifiers to access the taxpayers’ information and fill out tax refund applications. This resulted in the IRS doling out over $50 million in refund checks to the identity thieves.
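For a data owner, the practical question raised by quasi-identifiers is how many records in a data set are singled out by the combination of those fields before the data is shared or stored. The following is an added example, not part of the original article: it counts the size of each quasi-identifier group (the approach used in k-anonymity, a term the article does not use), then shows the effect of coarsening values and suppressing outliers. The column names, sample records, and threshold of 2 are constructed assumptions.

```python
from collections import Counter

# Assumed column names; the article lists sex, age, marital status, race, address.
QUASI_IDENTIFIERS = ("sex", "age", "marital_status", "zip")

# Constructed sample records (not real people).
RECORDS = [
    {"sex": "F", "age": 34, "marital_status": "married", "zip": "10001"},
    {"sex": "F", "age": 37, "marital_status": "married", "zip": "10002"},
    {"sex": "M", "age": 52, "marital_status": "single", "zip": "10003"},
    {"sex": "M", "age": 58, "marital_status": "single", "zip": "10009"},
    {"sex": "F", "age": 34, "marital_status": "married", "zip": "10001"},
    {"sex": "M", "age": 41, "marital_status": "divorced", "zip": "10455"},
]


def key(record):
    """Quasi-identifier combination that a record exposes."""
    return tuple(record[c] for c in QUASI_IDENTIFIERS)


def risk_report(records):
    """Smallest group size (k) and count of records unique on the combination."""
    sizes = Counter(key(r) for r in records)
    return {
        "k": min(sizes.values(), default=0),
        "unique_records": sum(1 for n in sizes.values() if n == 1),
        "total": len(records),
    }


def generalize(record):
    """Coarsen values: age to a 10-year band, ZIP to its first three digits."""
    low = record["age"] // 10 * 10
    return {**record, "age": f"{low}-{low + 9}", "zip": record["zip"][:3] + "**"}


def suppress(records, k):
    """Drop records whose quasi-identifier group is still smaller than k."""
    sizes = Counter(key(r) for r in records)
    return [r for r in records if sizes[key(r)] >= k]


if __name__ == "__main__":
    coarse = [generalize(r) for r in RECORDS]
    print("raw        ", risk_report(RECORDS))
    print("generalized", risk_report(coarse))
    print("suppressed ", risk_report(suppress(coarse, 2)))
```

In the sample, four of six raw records are unique on the four fields; generalizing leaves one outlier, which has to be suppressed before every remaining record shares its combination with at least one other.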

Owners and users of a breached system or network don’t always know immediately when the breach occurred. In 2016, Yahoo announced what could be the biggest cybersecurity breach yet when it claimed that an estimated 500 million accounts were breached. Further investigation revealed that the data breach had actually occurred two years prior, in 2014.

While some cybercriminals use stolen information to harass or extort money from companies and individuals, others sell the breached information in underground web marketplaces that trade in illegal assets. Examples of information bought and sold on these dark web marketplaces include stolen credit card information, business intellectual property, SSNs, and company trade secrets.