What is a Data Breach?

A data breach is any incident in which someone gains unauthorized access to sensitive or protected information. This includes both information leaking outside of an organization and internal breaches where employees, contractors, or partners copy, view, transmit or steal data that they should not have access to.

Data breaches can affect both individuals and organizations. Breaches of corporate data can be intentional or the result of inadvertent actions by an authorized user of the data.

Read the Security Report Request a Demo

What is a Data Breach?

How Data Breaches Happen

Data breaches can occur in a variety of ways. One of the major differentiators is whether the threat originated internally or externally to the organization

Internal Threats

The popular conception of data breaches and other security incidents is that they are performed intentionally by cybercriminals operating from outside the organization. However, insiders can be just as dangerous to an organization and its data.

Trusted insiders have legitimate access to an organization’s network, systems, and potentially the sensitive data in question. This makes it easier for them to gain access to the protected data and take actions that – intentionally or otherwise – cause it to be exposed to unauthorized users.

For example, a common source of data breaches is misconfigured cloud infrastructure. If an insider copies corporate data to a personal cloud or changes cloud security settings to make it easier to use, this may allow unauthorized parties to access and use the data in question.

External Threats

Data breaches can also originate from outside the organization, and these are the breaches that typically make the news. Data breaches involving large amounts of sensitive information are of wider interest than an email forwarded to the wrong person.

External data breaches follow similar attack progressions to other cyberattacks. These attack chains – as outlined in Lockheed Martin’s Cyber Kill Chain or the MITRE ATT&CK framework – involve a series of steps that move the attacker from initial reconnaissance to accessing and exfiltrating the target data.

Once an attacker has access to sensitive or protected data, they can use it in various ways. Often, data is offered for sale on the dark web, and some types of data can be used to gain access to user accounts or for fraudulent activities.

Types of Data Breaches

Data breaches come in many different forms. Some of the more common types of data breaches include the following:

  • Employee Error: Employee error is a common cause of data breaches. Employees can cause a data breach directly (by exposing data via email, cloud infrastructure, etc.) or can make a breach easier to perform (by using weak credentials, misconfiguring security settings, etc.).
  • Lost/Stolen Devices: Lost or stolen devices can cause data breaches if the data is not encrypted at rest. Examples include computers, mobile devices, removable media, etc.
  • Malware: Some types of malware are designed specifically to steal sensitive information. This includes banking trojans, credential stealers, and other malware such as remote access trojans (RATs) that give the attacker the access needed to steal data.
  • Phishing: Phishing emails are commonly designed for data theft. Phishing attacks could be intended to steal user credentials, request sensitive information from employees, etc.
  • Ransomware: Ransomware groups have expanded their attacks to include additional forms of extortion to force targets to pay a ransom beyond simply denying access to sensitive or valuable content. This includes stealing data from a target and threatening to leak it if a ransom is not paid.
  • Skimming: Skimmers are designed to collect payment card data at a point of sale (POS) device or website. Skimmers can be physical devices or malicious code built into a site.

Web Application Attacks: Exploitation of web application vulnerabilities are another common cause of data breaches. SQL injection and cross-site scripting (XSS) are two examples of web application attacks that can leak sensitive data.

Data Breach Examples

Data breaches have become an everyday occurrence, and even the biggest breaches differ significantly in technique. For example, some of the biggest recent data breaches include:

  • Colonial Pipeline: The Colonial Pipeline hack is best known for the ransomware attack against the pipeline. However, the attackers also stole about 100 gigabytes of data that they threatened to leak if the ransom was not paid.
  • Facebook: In January 2021, a data breach of the personal information of 214 million Facebook users (408 GB of data) was leaked via an unsecured database belonging to Socialarks, a Chinese social media management company.
  • Kroger: The attackers of the supermarket chain accessed over a million HR and pharmacy records, including names, phone numbers, addresses, birthdates, Social Security Numbers (SSNs), and healthcare data. This was a supply chain breach enabled by an attack on Accellion, a third-party cloud provider.

Prevent Data Breaches with Check Point

Data breaches are increasingly common, and data protection regulations are growing more stringent and impose stricter penalties for data leaks. Organizations looking to minimize the potential probability and cost of a data breach should implement cybersecurity best practices, including:

  • Access Control
  • Cybersecurity Awareness Training
  • Data Encryption
  • Endpoint Security
  • Threat Detection and Prevention

Check Point’s 2021 Cybersecurity Report outlines the major cyber threats that companies are facing in 2021. To learn more about preventing these threats with Check Point, sign up for a free demo of Harmony, Check Point’s unified security solution for users, devices, and access.

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK