A data breach is a cyber security incident in which data such as personal information and corporate data is accessed, altered, erased or disclosed without authorisation. A data breach can result from various causes, such as cyber attacks on computer systems, malicious acts of insiders, or negligent acts of employees. Cyber criminals may exploit the breached data for identity theft or other fraudulent purposes.
The threat of data breaches has been escalating in recent years. According to a survey conducted by a security software company in 2019, the number of reported breaches increased by 54% in the first six months of 2019 compared with the same period in 2018. In the first half of 2019, 3,800 data breaches involving over 4.1 billion records were publicly disclosed. A data breach not only tarnishes the victim's reputation, but also results in massive tangible and intangible losses to the victim.
What May Cause Data Breach?
To minimise the risk of data breaches, it is important to understand the following major causes:
Phishing is the most common cause of data breaches. Cyber criminals may disguise themselves as a trusted or legitimate party and initiate a phishing attack by setting up fraudulent websites or sending spoofed emails that lure users into clicking malicious URL links.
When users click on the links, they are redirected to malicious webpages that can steal their login credentials or execute malicious code on the users' systems by exploiting vulnerabilities in browsers or operating systems. This enables the cyber criminals to gain access to sensitive data on the victims' systems. They can even move laterally through the network in search of other valuable data to exfiltrate.
In 2019, two staff accounts of an airline company were compromised in a phishing attack. Over a hundred thousand personally identifiable information (PII) records from the airline company's internal documents were believed to have been leaked to cyber criminals.
Cyber criminals can exploit vulnerabilities in various systems and applications such as:
Cyber criminals may use exploit kits to scan for these vulnerabilities and compromise the software through them, obtaining user login credentials or collecting commercial data without being detected.
For example, injection attacks are among the most prevalent types of cyber attack. By injecting specially crafted queries or code into systems or web applications that interpret query languages such as Structured Query Language (SQL) or Lightweight Directory Access Protocol (LDAP) queries, cyber criminals can execute remote commands, take control of the affected systems and access the data held in them.
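To make the SQL injection case concrete, the following added example (not code from the original article) shows a lookup that concatenates user input into the query text beside the parameterised form that fixes it, using an in-memory SQLite table with constructed sample data. The crafted input closes the quoted string and appends an always-true condition; only the vulnerable lookup returns every row.

```python
import sqlite3

# Constructed sample data standing in for a web application's customer table.
CUSTOMERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", CUSTOMERS)
    return conn


def lookup_vulnerable(conn, username):
    # Defect: the input is spliced into the SQL text, so it can change the
    # structure of the query instead of being treated as a value.
    sql = "SELECT id, username, email FROM customers WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # Hardened: a parameterised query hands the input to the driver separately,
    # so it is always compared as a literal string, whatever it contains.
    sql = "SELECT id, username, email FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Return row counts for a benign and a crafted input against both lookups."""
    conn = make_db()
    benign = "alice"
    # Constructed crafted input of the kind the text describes.
    crafted = "x' OR '1'='1"
    return {
        "vulnerable_benign": len(lookup_vulnerable(conn, benign)),   # 1 row
        "vulnerable_crafted": len(lookup_vulnerable(conn, crafted)), # all 3 rows leak
        "safe_benign": len(lookup_safe(conn, benign)),               # 1 row
        "safe_crafted": len(lookup_safe(conn, crafted)),             # 0 rows
    }
```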
In 2017, a credit reporting agency leaked the data of hundreds of millions of consumers due to unpatched software vulnerabilities. Although the relevant patches were available well before the incident, the company failed to apply them in time, which led to the breach.
Misconfiguration of systems or networks can introduce vulnerabilities that lead to serious security incidents such as data breaches. It can happen in different aspects of computer systems, such as:
In 2019, an information technology company exposed hundreds of millions of customer records due to misconfigured network security settings on a database. Unencrypted data was exposed and accessible to anyone with a web browser, without authentication.
Users may have rights to access sensitive data or privileged systems for operational reasons, e.g. present or former employees, third-party contractors, or service providers. They can pose a threat if they use the data for illicit purposes, such as selling a company's commercial data to competitors. On the other hand, some users without malicious intent may leak sensitive data through negligence, such as losing a removable device that stores sensitive data.
In 2019, millions of PII records held by a bank were found to have been breached. The data was stolen by a bank employee who gathered customer information and shared it with a third party outside the bank.
Impact of Data Breach
Laws and regulations on data breaches have been put in place in different regions, imposing legal obligations on data controllers and processors to properly handle and protect personal data. Notable examples of such legislation include the Personal Data (Privacy) Ordinance of Hong Kong and the General Data Protection Regulation (GDPR) of the European Union. Companies that fail to adhere to the applicable laws and regulations may be subject to legal action (e.g. fines and imprisonment) by the regulatory authorities.
Companies can suffer huge financial losses from data breaches. A data breach can affect or disrupt the operation of a company and result in loss of business. Other financial consequences include reimbursement and settlement payments to affected customers, as well as the costs of legal services, breach response and investigation.
A data breach can cause serious damage to the brand and reputation of a company, projecting a negative image to existing and potential customers. Clients and business partners may lose their trust and terminate their relationship with the company.
Respond to Incident
When a data breach occurs, the company should consider the following actions to respond to the incident effectively: