Data Breach
What is a Data Breach?
Data Breach: A confirmed security incident in which an unauthorised party accesses, exfiltrates, or discloses sensitive, protected, or confidential information.
A data breach occurs when an attacker bypasses controls and gains access to records that should have remained restricted, such as customer credentials, payment data, health information, or trade secrets. Common root causes include phishing, vulnerable web applications, stolen credentials, insider abuse, and supply-chain compromise. Breaches trigger regulatory notification duties under laws such as GDPR, HIPAA, and US state breach laws, and they often result in fraud, lawsuits, and lasting reputational damage. Defences combine least-privilege access, encryption of data at rest and in transit, robust logging, EDR, network segmentation, and tested incident-response and breach-notification plans.
● Examples
- 01 Equifax (2017): exploitation of an unpatched Apache Struts flaw exposed records of about 147 million people.
- 02 Yahoo (2013-2014): compromises affecting all 3 billion user accounts.
- 03 Target (2013) and Marriott/Starwood (2018): point-of-sale and reservation-system intrusions affecting hundreds of millions of customers.
● Frequently asked questions
What is a Data Breach?
A confirmed security incident in which an unauthorised party accesses, exfiltrates, or discloses sensitive, protected, or confidential information. It belongs to the Attacks & Threats category of cybersecurity.
How do you defend against a Data Breach?
Defences against a data breach typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for a Data Breach?
Common alternative names include: Security breach, Information breach.
● Related terms
- attacks, № 277
Data Leak
Accidental or negligent exposure of sensitive data, usually through misconfiguration or human error rather than an active attacker breaking in.
- defense-ops, № 398
Exfiltration
The MITRE ATT&CK tactic (TA0010) covering techniques used to transfer stolen data out of a victim network to an attacker-controlled location.
- forensics-ir, № 524
Incident Response
The organised process of preparing for, detecting, analysing, containing, eradicating, and recovering from cyber security incidents, then capturing lessons learned.
- privacy, № 818
Personally Identifiable Information (PII)
Any data that can identify a specific individual on its own or when combined with other information, such as names, identifiers, or biometric records.
- compliance, № 440
GDPR
The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.
- attacks, № 232
Credential Stuffing
An automated attack that replays large lists of username/password pairs leaked from one service against other services, exploiting password reuse to take over accounts.
● See also
- № 511 Identity Theft
- № 147 Card Skimming
- № 355 Doxxing
- № 1118 Swatting
- № 884 Pwned Password
- № 264 Cyber Insurance