What is a 'Data Breach'

A data breach (also known as a data spill or data leak) is the unauthorized access and retrieval of sensitive information by an individual, group, or software system. It is a cybersecurity mishap that happens when data, intentionally or unintentionally, falls into the wrong hands without the knowledge of the user or owner.


Data breaches are partly the result of the rising availability of data due to the increase in digital products, which has put an overwhelming amount of information in the hands of businesses. While some of the information is non-sensitive, a lot of it is proprietary and sensitive information about individuals and companies. The focus on technology-driven tools such as cloud computing platforms has also made information readily available, easily accessible, and effortlessly shareable at little cost. Companies share and use this data to improve their processes and meet the demands of an increasingly tech-savvy population. However, some miscreants seek to gain access to this information in order to use it for illegal activities. The increase in data breach incidents recorded within companies across the world has put cybersecurity and data privacy in the spotlight, prompting many regulatory bodies to issue new laws to combat the problem.

Owners and users of a breached system or network don’t always know immediately when the breach occurred. In 2016, Yahoo announced what could be the biggest cybersecurity breach yet when it claimed that an estimated 500 million accounts were breached. Further investigation revealed that the data breach had actually occurred two years prior, in 2014.

While some cybercriminals use stolen information to harass or extort money from companies and individuals, others sell the breached information in underground web marketplaces that trade in illegal assets. Examples of information bought and sold on these dark web marketplaces include stolen credit card information, business intellectual property, Social Security numbers (SSNs), and company trade secrets.

Unintentional Data Breach

A data breach can be carried out unintentionally or intentionally. An unintentional data breach occurs when a legitimate custodian of information, such as an employee, loses or negligently uses corporate tools. An employee who accesses unsecured websites, downloads a compromised software program on a work laptop, connects to an unsecured WiFi network, or loses a laptop or smartphone in a public location runs the risk of having the company’s data breached. In 2015, Nutmeg, an online investment management firm, had its data compromised when flawed code in the system resulted in the personally identifiable information (PII) of 32 accounts being emailed to the wrong recipients. The information that was sent out included names, addresses, and investment details, and put the account holders at risk of identity theft.

Intentional Data Breach

An intentional data breach occurs when a cyberattacker hacks into an individual’s or company’s system for the purpose of accessing proprietary and personal information. Hackers use a variety of methods to get into a system. Some embed malicious software in websites or email attachments that, when accessed, leave the computer system open to entry and its data accessible to the hackers. Some hackers use botnets, which are networks of infected computers, to access other computers’ files. Botnets enable the perpetrators to gain access to multiple computers at the same time using the same malware tool. Hackers may also use a supply chain attack to access information. When a company has solid, hard-to-penetrate security measures in place, a hacker may go through a member of the company’s supply chain network that has a vulnerable security system. Once the hacker gets into that member’s computer system, he can get access to the target company’s network as well.

Hackers don’t have to steal sensitive information like Social Security numbers (SSNs) outright to reveal a user’s identity and gain access to his or her personal profile. In the case of identity theft, hackers holding data sets of quasi-identifiers can piece together bits of information to reveal the identity of an entity. Quasi-identifiers like sex, age, marital status, race, and address can be obtained from different sources and combined to establish an identity. In 2015, the IRS confirmed that a data breach affecting over 300,000 taxpayers had occurred. The cybercriminals had used quasi-identifiers to access the taxpayers’ information and fill out tax refund applications. This resulted in the IRS doling out over $50 million in refund checks to the identity thieves.
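
Added example (not part of the original article): a data custodian can measure how exposed a data set is to this kind of piecing-together by computing its k-anonymity over the quasi-identifier columns before the data is shared. The records, field names, and generalization rule below are constructed for illustration.

```python
from collections import Counter

# Constructed sample records (not real people). "zip" stands in for address.
RECORDS = [
    {"sex": "F", "age": 34, "marital": "married", "zip": "30301"},
    {"sex": "F", "age": 36, "marital": "married", "zip": "30305"},
    {"sex": "F", "age": 38, "marital": "single",  "zip": "30309"},
    {"sex": "M", "age": 41, "marital": "married", "zip": "30312"},
    {"sex": "M", "age": 45, "marital": "married", "zip": "30318"},
    {"sex": "M", "age": 47, "marital": "single",  "zip": "30324"},
    {"sex": "F", "age": 52, "marital": "single",  "zip": "30331"},
    {"sex": "F", "age": 58, "marital": "single",  "zip": "30339"},
]

def class_sizes(records, quasi_ids):
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)

def k_anonymity(records, quasi_ids):
    """Smallest group size: every record is hidden among at least k records."""
    return min(class_sizes(records, quasi_ids).values())

def unique_fraction(records, quasi_ids):
    """Share of records singled out by the quasi-identifiers alone."""
    sizes = class_sizes(records, quasi_ids)
    singled_out = sum(1 for r in records
                      if sizes[tuple(r[q] for q in quasi_ids)] == 1)
    return singled_out / len(records)

def generalize(record):
    """Coarsen values before release: 10-year age bands, 3-digit ZIP prefix."""
    out = dict(record)
    low = record["age"] // 10 * 10
    out["age"] = f"{low}-{low + 9}"
    out["zip"] = record["zip"][:3] + "**"
    return out

if __name__ == "__main__":
    # Each added quasi-identifier shrinks the crowd a record can hide in.
    for qi in (["sex"], ["sex", "marital"], ["sex", "age", "marital", "zip"]):
        print(qi, "k =", k_anonymity(RECORDS, qi),
              "unique =", unique_fraction(RECORDS, qi))
    coarse = [generalize(r) for r in RECORDS]
    print("generalized k =", k_anonymity(coarse, ["sex", "age", "zip"]))
```

A result of k = 1 means at least one record is unique on those columns alone, so the columns need to be generalized or withheld before the data set leaves the organization.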
