{"id":6987,"date":"2012-11-10T21:24:15","date_gmt":"2012-11-10T21:24:15","guid":{"rendered":"https:\/\/www.techopedia.com\/definition\/data-breach\/"},"modified":"2024-04-15T16:31:48","modified_gmt":"2024-04-15T16:31:48","slug":"data-breach","status":"publish","type":"definition","link":"https:\/\/www.techopedia.com\/definition\/13601\/data-breach","title":{"rendered":"Data Breach"},"content":{"rendered":"

What is a Data Breach?

A data breach, also known as a data spill or data leak, refers to an incident that involves the unauthorized or illegal viewing, access, or retrieval of data by a threat actor – a term used to describe an entity capable of potentially attacking an organization’s digital infrastructure or network. It is a type of security breach including hacking, malware, phishing attacks, or even physical theft of devices, specifically aimed at stealing or publishing data to an unsecured or illegal location.

By definition, a data breach refers to gaining access to an entity’s information without authorization. Therefore, not all data breaches are intentional. In some cases, an accidental data breach may occur when protected data is inadvertently exposed. For example, an employee accessing confidential data they are not authorized to view is considered a data breach, regardless of whether the act was intentional or not.

Techopedia Explains the Data Breach Meaning

    A data breach occurs when an unauthorized entity – or threat actor – accesses a secure database or repository. Data breaches are typically geared toward logical or digital data and are often conducted over the Internet or a network connection.

    A data breach may result in data loss, including financial, personal, and health information. A hacker may also use stolen data to impersonate a legitimate user and gain access to a more secure location. For example, a data breach of a network administrator’s login credentials can result in access to an entire network.

    How a Data Breach Happens

    Data breaches happen when threat actors exploit vulnerabilities in computer systems, networks, or human behavior. For instance, unpatched systems or misconfigured firewalls can contain known security flaws that attackers exploit, and phishing emails can deceive users into clicking on malicious links.

    Any information that is considered sensitive or valuable can be targeted. This varies based on the motives of the threat actor and the type of data the targeted individual or organization stores.

    Types of data targeted:

    Authentication Credentials
    Examples: User names, passwords, and other account credentials
    Targeted For: Gain unauthorized access to accounts

    Biometric Data
    Examples: Fingerprints, iris scans, facial recognition data
    Targeted For: Gain unauthorized access, identity theft

    Financial Data
    Examples: Credit card numbers, CVVs, financial records, bank account numbers, cryptocurrency transactions
    Targeted For: Financial gain

    Geolocation Data
    Examples: Location data obtained from mobile devices
    Targeted For: Tracking, surveillance, unauthorized targeted advertising

    Healthcare/Medical Data
    Examples: Health insurance details, medical records
    Targeted For: Identity theft, insurance fraud, extortion

    Intellectual Property
    Examples: Proprietary information, trade secrets, research and development data
    Targeted For: Disrupt operations or gain a competitive advantage

    Personal Communications
    Examples: Emails, text messages, instant messages
    Targeted For: Personal information, confidential business information

    Personally Identifiable Information (PII)
    Examples: Names, addresses, date of birth, social security and other government-issued identification numbers
    Targeted For: Identity theft, fraud

    Data Breach Phases

    Cybersecurity company Palo Alto Networks breaks down the different stages of the cyberattack lifecycle into six phases: reconnaissance, weaponization and delivery, exploitation, installation, command and control, and actions on the objective.

    1. Reconnaissance
       Attackers gather information about the target, identify potential vulnerabilities, research the target’s infrastructure, and gather intelligence about employees or systems.
    2. Weaponization and Delivery
       Attackers prepare exploits and deliver them to the target environment. This may involve phishing emails or leveraging known software vulnerabilities to deliver malicious payloads.
    3. Exploitation
       Once the malicious payload is delivered, attackers exploit vulnerabilities to gain initial access. This may involve exploiting unpatched software or using stolen credentials.
    4. Installation
       After gaining access, attackers install backdoors, malware, or use other tools to establish persistence within the compromised environment.
    5. Command and Control
       With persistence established, attackers set up command and control infrastructure to remotely manage and control the compromised systems.
    6. Actions on the Objective
       In this final phase, attackers move on to the objective, which may involve stealing files, accessing databases, disrupting operations, or causing other harm to the target.

      Data Breach Methods

      Cybercriminals use a variety of methods depending on their objective (e.g., stealing files, accessing databases, disrupting operations).

      Common data breach methods include: