What is a 'Data Breach'

A data breach (also known as data spill or data leak) is an unauthorized access and retrieval of sensitive information by an individual, group, or software system. It is a cybersecurity mishap which happens when data, intentionally or unintentionally, falls into the wrong hands without the knowledge of the user or owner. 


Data breaches are partly the result of the rising availability of data due to the increase of digital products, which has put an overwhelming amount of information in the hands of businesses. While some of the information is non-sensitive, a lot of it is proprietary and sensitive information about individuals and companies. The focus on technology-driven tools such as cloud computing platforms has also made information readily available, easily accessible, and effortlessly shareable for little costs. Companies share and use this data to improve their processes and meet the demands of an increasing tech-savvy population. However, some miscreants seek to gain access to this information in order to use it for illegal activities. The increase in the incidents of data breaches recorded within companies across the world has brought to the spotlight the issue of cybersecurity and data privacy, which has made many regulatory bodies issue new laws to combat.

Owners and users of a breached system or network don’t always know immediately when the breach occurred. In 2016, Yahoo announced what could be the biggest cybersecurity breach yet when it claimed that an estimated 500 million accounts were breached. Further investigation revealed that the data breach had actually occurred two years prior in 2014.

While some cybercriminals use stolen information to harass or extort money from companies and individuals, others sell the breached information in underground web marketplaces that trade in illegal assets. Examples of information that are bought and sold in these dark webs include stolen credit card information, business intellectual property, SSN, and company trade secrets.

Unintentional Data Breach

A data breach can be carried out unintentionally or intentionally. An unintentional data breach occurs when a legitimate custodian of information such as an employee loses or negligently uses corporate tools. An employee who accesses unsecured websites, downloads a compromised software program on a work laptop, connects to an unsecured WiFi network, loses a laptop or smartphone in a public location, etc. runs the risk of having his company’s data breached. In 2015, Nutmeg, an online investment management firm, had its data compromised when a flawed code in the system resulted in emailing the personally identifiable information (PII) of 32 accounts to the wrong recipients. The information that was sent out included names, addresses, and investment details and put the account holders at risk of identity theft.

Intentional Data Breach

An intentional data breach occurs when a cyberattacker hacks into an individual’s or company’s system for the purpose of accessing proprietary and personal information. Cyber hackers use a variety of ways to get into a system. Some imbed malicious software in websites or email attachments that, when accessed, make the computer system vulnerable to easy entry and accessibility of data by hackers. Some hackers use botnets, which are infected computers, to access other computers’ files. Botnets enable the perpetrators to gain access to multiple computers at the same time using the same malware tool. Hackers may also utilize a supply chain attack to access information. When a company has a solid and impenetrable security measure in place, a hacker may go through a member of the company’s supply chain network who has a vulnerable security system. Once the hacker gets into the member’s computer system, he can get access to the target company’s network as well.

Hackers don’t have to steal sensitive information like Social Security Numbers (SSN) at once to reveal a user’s identity and gain access to his/her personal profile. In the case of stealing information for identity theft, hackers with data sets of quasi-identifiers can piece together bits of information to reveal the identity of an entity. Quasi-identifiers like sex, age, marital status, race, and address can be obtained from different sources and pieced together for an identity. In 2015, the IRS confirmed that a data breach of over 300,000 tax payers had occurred. The cyber criminals had used quasi-identifiers to access the taxpayers’ information and fill out tax refund applications. This resulted in the IRS doling out over $50 million in refund checks to the identity thieves.

  1. Supply Chain Attack

    A supply chain attack is a cyberattack that attempts to inflict ...
  2. Doxing

    Doxing is the intentional act of publishing someone’s private, ...
  3. Botnet

    A botnet is a network of internet-connected devices that have ...
  4. Data Loss

    Data loss occurs when valuable and/or sensitive information on ...
  5. Ransomware

    Ransomware is a cyber-extortion tactic that uses malicious software ...
  6. Advanced Persistent Threats (APT)

    An Advanced Persistent Threat (APT) is a large-scale, sophisticated, ...
Related Articles
  1. Tech

    Verizon Likely to Complete Yahoo Buy Despite Hacks

    Yahoo's sale to Verizon is likely to go forward because users are used to hacks by now.
  2. Tech

    Bitcoin Price Plunges 20% After Hackers Steal $72 Million

    Bitcoin price falls 20% after a security breach at a Hong Kong-based exchange.
  3. Tech

    Equifax Data Breach: How to Protect Yourself

    Here are seven ways to proactively protect yourself following the massive data breach at Equifax.
  4. Insights

    Uber Paid Hackers to Keep Massive Breach a Secret

    The ride-hailing company paid hackers $100,000 to keep the October 2016 breach quiet.
  5. Tech

    3 Steps to Protect Yourself After a Security Breach

    Three steps you can take to protect yourself from an online security breach.
  6. Investing

    Reports: Verizon, Yahoo in Discounted Deal

    A revised Verizon-Yahoo deal may involve a final price tag lowered by $300 million.
  7. Trading

    Sonic Shares Recover From Data Breach

    Sonic shares have posted a strong recovery following a data breach, but uncertainty remains.
  8. Investing

    Equifax CEO Retires In Wake of Massive Data Breach

    Equifax's CEO is retiring effective immediately in the wake of a massive data breach.
  9. Tech

    5 Tips to Protect Yourself from Identity Theft

    The Equifax data breach has brought to light the importance of protecting your identity.
  10. Investing

    Amazon's Whole Foods Latest to Report Data Hack

    WFM disclosed its payment systems for taprooms and table service at some stores has been hacked.
  1. What is backtesting in Value at Risk (VaR)?

    Learn about the value at risk of a portfolio and how backtesting is used to measure the accuracy of value at risk calculations. Read Answer >>
  2. When should I use seasonally adjusted data from the consumer price index (CPI)?

    Learn what seasonally adjusted data is, how it is determined and when it should be used to evaluate the information gathered ... Read Answer >>
  3. Is Apple Pay safe and free?

    Learn more about Apple Pay, one of Apple's newest and most metamorphic programs that is changing the way consumers purchase ... Read Answer >>
  4. What Does the Bitcoin Blockchain Record?

    Read about the bitcoin blockchain, a public ledger shared among all bitcoin users that records the information of every single ... Read Answer >>
  5. What should I look for when choosing a forex trading platform?

    A trading platform is a piece of software that acts as a conduit for information between a trader and a broker. A trading ... Read Answer >>
Hot Definitions
  1. Net Present Value - NPV

    Net Present Value (NPV) is the difference between the present value of cash inflows and the present value of cash outflows ...
  2. Price-Earnings Ratio - P/E Ratio

    The Price-to-Earnings Ratio or P/E ratio is a ratio for valuing a company that measures its current share price relative ...
  3. Internal Rate of Return - IRR

    Internal Rate of Return (IRR) is a metric used in capital budgeting to estimate the profitability of potential investments.
  4. Limit Order

    An order placed with a brokerage to buy or sell a set number of shares at a specified price or better.
  5. Current Ratio

    The current ratio is a liquidity ratio that measures a company's ability to pay short-term and long-term obligations.
  6. Return on Investment (ROI)

    Return on Investment (ROI) is a performance measure used to evaluate the efficiency of an investment or compare the efficiency ...
Trading Center