What is a 'Data Breach'

A data breach (also known as data spill or data leak) is an unauthorized access and retrieval of sensitive information by an individual, group, or software system. It is a cybersecurity mishap which happens when data, intentionally or unintentionally, falls into the wrong hands without the knowledge of the user or owner. 


Data breaches are partly the result of the rising availability of data due to the increase of digital products, which has put an overwhelming amount of information in the hands of businesses. While some of the information is non-sensitive, a lot of it is proprietary and sensitive information about individuals and companies. The focus on technology-driven tools such as cloud computing platforms has also made information readily available, easily accessible, and effortlessly shareable for little costs. Companies share and use this data to improve their processes and meet the demands of an increasing tech-savvy population. However, some miscreants seek to gain access to this information in order to use it for illegal activities. The increase in the incidents of data breaches recorded within companies across the world has brought to the spotlight the issue of cybersecurity and data privacy, which has made many regulatory bodies issue new laws to combat.

Owners and users of a breached system or network don’t always know immediately when the breach occurred. In 2016, Yahoo announced what could be the biggest cybersecurity breach yet when it claimed that an estimated 500 million accounts were breached. Further investigation revealed that the data breach had actually occurred two years prior in 2014.

While some cybercriminals use stolen information to harass or extort money from companies and individuals, others sell the breached information in underground web marketplaces that trade in illegal assets. Examples of information that are bought and sold in these dark webs include stolen credit card information, business intellectual property, SSN, and company trade secrets.

Unintentional Data Breach

A data breach can be carried out unintentionally or intentionally. An unintentional data breach occurs when a legitimate custodian of information such as an employee loses or negligently uses corporate tools. An employee who accesses unsecured websites, downloads a compromised software program on a work laptop, connects to an unsecured WiFi network, loses a laptop or smartphone in a public location, etc. runs the risk of having his company’s data breached. In 2015, Nutmeg, an online investment management firm, had its data compromised when a flawed code in the system resulted in emailing the personally identifiable information (PII) of 32 accounts to the wrong recipients. The information that was sent out included names, addresses, and investment details and put the account holders at risk of identity theft.

Intentional Data Breach

An intentional data breach occurs when a cyberattacker hacks into an individual’s or company’s system for the purpose of accessing proprietary and personal information. Cyber hackers use a variety of ways to get into a system. Some imbed malicious software in websites or email attachments that, when accessed, make the computer system vulnerable to easy entry and accessibility of data by hackers. Some hackers use botnets, which are infected computers, to access other computers’ files. Botnets enable the perpetrators to gain access to multiple computers at the same time using the same malware tool. Hackers may also utilize a supply chain attack to access information. When a company has a solid and impenetrable security measure in place, a hacker may go through a member of the company’s supply chain network who has a vulnerable security system. Once the hacker gets into the member’s computer system, he can get access to the target company’s network as well.

Hackers don’t have to steal sensitive information like Social Security Numbers (SSN) at once to reveal a user’s identity and gain access to his/her personal profile. In the case of stealing information for identity theft, hackers with data sets of quasi-identifiers can piece together bits of information to reveal the identity of an entity. Quasi-identifiers like sex, age, marital status, race, and address can be obtained from different sources and pieced together for an identity. In 2015, the IRS confirmed that a data breach of over 300,000 tax payers had occurred. The cyber criminals had used quasi-identifiers to access the taxpayers’ information and fill out tax refund applications. This resulted in the IRS doling out over $50 million in refund checks to the identity thieves.

  1. Personally Identifiable Information ...

    Personally Identifiable Information (PII) is information that, ...
  2. Breach of Contract

    A breach of contract is the violation of terms agreed upon by ...
  3. Anticipatory Breach

    An anticipatory breach is an action in contract law that shows ...
  4. Cybersecurity

    Cybersecurity refers to the measures taken to keep electronic ...
  5. Identity Theft

    Identity theft is the crime of obtaining the personal or financial ...
  6. PIN Cashing

    PIN cashing is a type of cybercrime in which stolen debit or ...
Related Articles
  1. Tech

    Hackers Steal Medical Records from Quest Diagnostics (DGX)

    Quest Diagnostics is the latest company to disclose it was the victim of a hack, putting information on around 34,000 individuals at risk.
  2. Investing

    Cyber ETF Week in Review: HACK (HACK)

    Yahoo’s recent cyber breach has put its deal with Verizon in doubt. This Cybersecurity ETF continues to rally as more breaches take shape.
  3. Tech

    7 Ways to Protect Against Credit Card Hacks

    If your credit card hasn't been hacked yet, it may just be a matter of time. Here's how to protect yourself as much as possible before and after it happens.
  4. Trading

    Equifax Breach Opens the Door for Short-Term Traders

    Equifax shares plummeted after it revealed a data breach affecting nearly half the U.S. population. What are the key levels to watch?
  5. Trading

    Sonic Shares Recover From Data Breach

    Sonic shares have posted a strong recovery following a data breach, but uncertainty remains.
  6. Insights

    Apple Denies Claim That Its System Was Hacked

    An Apple spokesperson has clarified that hackers did not obtain information on 300 million accounts from Apple's system.
  7. Investing

    Equifax CEO Retires In Wake of Massive Data Breach

    Equifax's CEO is retiring effective immediately in the wake of a massive data breach.
  8. Tech

    Whose Fault Is Identity Theft?

    You've been so careful, so how did they get your information? Who is really to blame for your identity being stolen?
  9. Tech

    5 Tips to Protect Yourself from Identity Theft

    The Equifax data breach has brought to light the importance of protecting your identity.
  10. Investing

    Amazon's Whole Foods Latest to Report Data Hack

    WFM disclosed its payment systems for taprooms and table service at some stores has been hacked.
  1. What Does the Bitcoin Blockchain Record?

    Read about the bitcoin blockchain, a public ledger shared among all bitcoin users that records the information of every single ... Read Answer >>
  2. What is backtesting in Value at Risk (VaR)?

    The value at risk is a statistical risk management technique that monitors and quantifies the risk level associated with ... Read Answer >>
  3. Where can I find fiscal year data for publicly traded corporations?

    Access fiscal year data for publicly traded corporations that is required by the government to be readily available to the ... Read Answer >>
Trading Center