What is a data breach?

How well are you prepared in case a data breach occurs? Do you know what to do if your personal information has been made public in a data leak? Read more and secure yourself against data breaches and identity theft.

As more and more data is being stored in various data­bases, it doesn’t come as a surprise that data breaches and leaks are getting more common as well. You don’t need to be an IT professional to know that data breaches are a big deal and can cause a lot of harm. When­ever a large data breach occurs, the media is sure to let people know what has happened. Especially if a lot of data has been stolen — or the target of the breach is a major organization.

Luckily, by being prepared and learning more, you can minimize the risk of becoming a victim of a data breach or a leak. In case a data breach still happens and confidential data gets into the wrong hands, there are some things you can do to prevent things from getting worse. First, let’s get the definitions straight.

What are data breaches?

A data breach happens when some­one gets through security barriers and gains unauthorized access to a data­base. Naturally, this is done without the know­ledge of the owner of the data. Because of this, data breaches are a form of cyber crime and thus are punishable by law.

On top of that, the data that is accessed, stolen or destroyed in a data breach is often sensitive and confidential in nature. Such data may include people’s financial information, medical records, pass­words and other personal details. For individuals, the biggest threats posed by data breaches include account take­overs and identity theft done with the stolen information.

Criminals may also threaten companies and organizations after success­fully carrying out a data breach. Both large and small businesses and organizations can become the targets of a security incident where data is stolen. The criminals often use the stolen data for black­mailing the companies whose data has been stolen. After becoming a victim of a data breach, the targeted company is threatened with the release of stolen information if they do not pay a ransom. However, this should not be confused with ransom­ware, a type of malware.

What is the difference between a data breach and a data leak?

Now you know what a data breach is, but what about data leaks? These two terms are often used as synonyms, so it’s under­standable to be confused. How­ever, there are some differences between data breaches and data leaks. Although both data leaks and data breaches involve confidential data getting into the wrong hands, the way this data is obtained can be different.

  • In a data breach, the compromised data is accessed by hackers and criminals by exploiting vulnerabilities, using malware and other means of stealing sensitive information.
  • In a data leak, as long as the data is not taken with force, the means of accessing sensitive information does not matter. The data can be leaked by accident or some­one may gain access to the data by chance. The organization itself may also be behind the accidental leak.

What are some famous data breaches?

Many data breaches and leaks have made their way into international news as the personal data of hundreds of thousands or even millions of individuals have been stolen. Here are a couple of well-known examples from recent history:

The Equifax data breach (2017)

What makes the Equifax data breach famous is both its size and the type of data that was compromised. Equifax is a large American consumer credit agency and the data breach against them compromised the information of more than 147 million American citizens as well as millions of people in Great Britain. The personal ID, credit card numbers and other highly confidential information of more than 200 000 Americans were stolen by the criminals. The Equifax data breach was traced back to a group of Chinese hackers.

Yahoo data breaches

Personally identifiable information of more than 3 billion Yahoo users was compromised in multiple data breaches that spanned several years. The Yahoo data breaches include two large incidents in 2013 and 2014 which were made public later in 2016. These data breaches account for the largest such security incident in the history of the internet, with affected individuals in several countries. The stolen data includes names, email addresses, telephone numbers, birth dates and more.

What are the consequences and costs of a data breach?

In addition to individuals whose data is being stored, both large and small companies need to take data breaches seriously. The consequences for businesses and organizations can be very serious if they become the victim of a data breach. According to a 2021 report by IBM, the average cost of a data breach was more than 4.2 million USD. In other words, the financial damage caused by a data breach is significant. On top of that, the harm to a business's reputation is great as a consequence of a data breach.

Businesses and organizations must also make a report within 72 hours of discovering the data breach in case the breach poses a risk to individuals. In more severe cases where the individuals whose data has been compromised are at risk, they should be informed personally by the data processor.

How to protect personally identifiable information and sensitive data?

Luckily there are some things you can do to protect yourself against data breaches. Although you may not be in control of the databases where your sensitive data is stored, you can minimize the amount of information that databases have about you. This way you can limit what criminals can steal in a data breach. In case they steal your password, you can change it and prevent them from accessing your data with it.

  • Do not give away your personal information with­out a good reason.
  • Give false personal information to services when possible, instead of your personal details that could be exploited by criminals.
  • Use unique and strong pass­­words.
  • Use two-factor authentication to add an extra layer of protection.
  • Keep all programs up to date with the most recent version to add an additional layer of protection against attempts to steal your data.
  • Do not leave your devices unattended.
  • Secure all devices with a pass­word, PIN code or finger­print.

These tips are ones that every­one should consider to protect them­selves and their devices. The unfortunate fact about data breaches is that in many cases you are not the one in control of the stored data and thus cannot prevent a data breach from taking place your­self.

How to protect yourself from identity theft?

Has your personal information been exposed in a data leak? Check for free with F‑Secure Identity Theft Checker.

Identity theft is no small nuisance. Data stolen in a breach or leak can be used against you. For example, if your personal data has been compromised it can be used to make purchases in your name. The leaked personal information can also be used to impersonate you on social media.

Stay safe online with F‑Secure ID PROTECTION

F‑Secure ID PROTECTION helps you avoid identity theft. It comes with around-the-clock data breach monitoring as well as a pass­word vault for easy logging in and storing your pass­words. In case a data breach occurs and your personal data is compromised, ID PROTECTION alerts you. This gives you time to secure your personal information online and minimize risks. You will also receive advice from our cyber security experts.

Read more and try ID PROTECTION for free.

Read more