Accessing and exposing secure, sensitive, and confidential information to an unauthorized and untrusted environment
A data breach refers to an incident in which secure, sensitive, and confidential information is accessed and exposed to an unauthorized and untrusted environment. The breach can be intentional or accidental. Technically, a data breach is a violation of the security protocol of an organization or individual in which confidential information is copied, transmitted, viewed, or stolen by an unauthorized person.
Data breaches involve theft or loss of private information, such as:
Data breaches are a common occurrence due to technological advancement and the sheer amount of information in digital form. They are largely carried out by cybercriminals or hackers for financial gain, espionage, terrorism, politics, or other reasons. Data breaches can ruin the reputation of prominent organizations, destroy lives, and be costly to remedy once investigation, redress, victim compensation, fines, and similar costs are counted.
Data breaches, in general, occur due to weaknesses in systems and user behavior. Hackers are always looking to exploit these deficiencies. The rise of smartphones and social media led to the interconnectedness of devices, and technology is being upgraded faster than protections for it can keep up. In essence, more value is being placed on convenience than on security, which inevitably leads to more data breach incidents. The following are some of the ways in which data breaches occur:
According to the 2020 Verizon Data Breach Investigations Report (DBIR 2020), external actors were the major perpetrators behind 70% of data breaches. The chart below summarizes threat actors in 2020:
Targeted data breaches carried out by cybercriminals and hackers continue to increase despite the implementation of measures to counter them. Their ultimate goal is to steal personal identification information and compromise identities for financial gain by selling information on the dark web. The following are the main ways in which targeted attacks can happen:
The DBIR 2020 lists nine core clusters of incident classification patterns, which account for about 88% of data breaches. They are the common ways in which data breach incidents occurred in 2020. However, these actions remain fairly consistent year over year, with slight deviations depending on technology. The nine common clusters include:
Data Breach Prevention
It is said that the security of a network is only as strong as its weakest link. Hence, it is crucial that individuals and organizations put in place inclusive preventative measures that close all potential vulnerabilities, from IT systems to end-users. Methods to prevent and minimize data breach impact include:
Many data breaches have taken place since the turn of the century, and many more keep being reported. As indicated earlier, the migration of world economies and corporations to the digital age exposes flaws in security systems. The large volume of government and corporate data appeals to criminals seeking financial benefit or pursuing espionage.
According to the DBIR 2020, there were 3,950 data breaches in 2020, up from 2,013 in 2019, an increase of almost 95%. Data were collected from 81 countries that cover four world regions. Most data breaches occurred in healthcare and finance. Manufacturing, information services, public sector, and professional services follow closely behind.
Below is a brief rundown of notable data breaches in the 21st century:
A massive data breach was reported that involved the exposure of user data of almost three billion email accounts – the exposed data involved names, emails, and passwords. The breach started in 2013 and was only realized in 2016. Threat actors managed to access the Yahoo corporate network and minted authentication cookies that allowed them to access email accounts without using passwords. An investigation into the breach resulted in the indictment of four individuals, who included two Russian security agents.
LinkedIn, a social media platform, experienced a data breach in 2012 that affected 167 million user accounts in which credentials were stolen. The data was reported to be up for sale on the dark web (a Russian hacker forum, to be specific). The breach was a result of a weak user password and failure by LinkedIn to salt the data. LinkedIn undertook to reset the passwords of the affected accounts.
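The salting failure described above, as an added example (not part of the original article and not LinkedIn's code): it stores the same constructed accounts once as unsalted fast hashes and once as per-user salted PBKDF2 records, then shows which accounts a leaked table would reveal as sharing a password. The choice of SHA-1 for the weak case, the PBKDF2 parameters, and the account names and passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users happen to choose the same password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "T7#qv!x9Lm"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def unsalted_digest(password):
    """Weak storage: fast hash, no salt (SHA-1 assumed for illustration)."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, salt=None):
    """Hardened storage: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key

def verify(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt, expected = record
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, expected)

def accounts_sharing_a_stored_value(stored):
    """Group users whose stored value is identical, as a leaked table would show."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def demo():
    weak = {u: unsalted_digest(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    return (accounts_sharing_a_stored_value(weak),
            accounts_sharing_a_stored_value(strong),
            strong)

if __name__ == "__main__":
    weak_groups, strong_groups, _ = demo()
    print("identical stored values, unsalted:", weak_groups)
    print("identical stored values, salted:  ", strong_groups)
```

Without a salt, equal passwords produce equal stored values, so one recovered password exposes every account that reused it and precomputed tables apply to the whole dump; with a per-user salt each record has to be attacked separately.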
Adobe Systems reported that their database was hacked, and about 153 million user records were stolen. The attack targeted the authentication system of a backup system that was pending decommissioning. The attack exposed customer names, IDs, passwords, and debit card and credit card records. In August 2014, through an agreement, Adobe promised to pay $1.1 million in legal fees together with an undisclosed amount to settle claims of violating the Customer Records Act.
In 2018, Marriott reported that it had suffered an attack in which hackers stole the data of about 500 million customers. The breach initially targeted Starwood Hotels systems from 2014 (before Marriott acquired the hotel brand) and remained hidden until 2018. The hackers obtained customer contact details, travel, and personal information. The incident was allegedly linked to a Chinese intelligence group.
Sina Weibo, a Chinese social media app with over 538 million accounts, reported a breach in March 2020 where 172 million user accounts were compromised. The data stolen included phone numbers, location, gender, names, and other details. However, passwords were not included. The data was reported to be on sale for a mere $250. The matter went to the Chinese Cyber Security agency for investigation.