A data breach refers to when data is accessed or stolen without permission.
So it’s theft carried out by hackers - cyber cat burglars who slip past security, get what they came for, and disappear before anyone realizes what’s happening.
They’re like guests at a party they weren’t invited to, gatecrashing to cause trouble, steal valuables, or just for the thrill of it.
But these uninvited guests aren’t always strangers.
Data breach attacks can also be carried out by people you already know. Important data might be:
→ Pulled from stolen devices
→ Accessed by employees, or
→ Exposed through scams that trick users into handing over sensitive information.
We’ll explore the different types of breaches in more detail later, but it’s crucial to remember one thing: the internet is a dangerous place for your data.
When one occurs, the consequences of a data breach for businesses - large or small - can be severe: reputational damage, financial losses, operational disruptions, and legal repercussions.
Data Breach or Data Leak?
Secure data storage is an essential business requirement.
But servers can always be deliberately breached, and data can also simply leak out through lack of care.
Admittedly, the consequences can often be the same for businesses.
And while the terms “data breach” and “data leak” are often used interchangeably, they actually refer to different types of security incidents.
Let's look at the data breach and data leak meanings:
→ A breach occurs when unauthorized individuals gain access to sensitive information.
This involves the deliberate theft or exposure of data, which can lead to serious consequences such as identity theft, financial loss, or reputational damage.
Often, this personal data is traded on the dark web.
→ A data leak results from the unintentional exposure of data.
But how does a data leak happen?
They're normally possible because of poor security practices, system misconfigurations, or human error.
And while a dataleak doesn’t always involve an external attack, it still poses significant risks as sensitive information becomes accessible without proper authorization.
As you can see, the difference comes down to intent.
But deliberate or not, the event will be just as damaging if the data is then misused.
What’s important is understanding the source and nature of the incident, which enables businesses to both manage its impact and prevent something similar from happening in the future.
How Common Are Data Breaches?
Data breaches are common, and more and more businesses are affected every year.
Take the US for instance. A report from the Identity Theft Resource Center found that there were more reported data breaches in 2023 than ever before, with 3,205 businesses successfully targeted.
These incidents affected 353 million victims, making data breaches the most widespread crime - impacting more people than any other type of offense.
Or take the UK, where an estimated 22% of businesses have experienced cyber crime in the last 12 months (GOV.UK).
Global Data Breaches in 2024
But cybercrime doesn't only happen in the English-speaking world, with Russians, Ukrainians, the Chinese, and Nigerians suffering more of these incidents than anyone else.
And while we're only in Q3, data from IT Governance suggests that 2024 will be another record year for global breaches: