What Is A Data Breach? Definition, Types, Examples

Did you know that 60% of small companies shut down within six months of a cyber attack?

It's a striking statistic, and there are countless others like it that underline a critical point:

Data breaches pose an existential threat to businesses and can cause significant harm to customers caught in the crossfire.

If you're looking to better understand these threats, this article is a great starting point. You'll discover what data breaches are, how they happen, and just how common they’ve become.

Let’s dive into the breach!

Every year, data breaches impact businesses and individuals across the world.

Many companies are unable to recover and close down. People’s lives can also be ruined and these data breaches serve as cautionary tales, highlighting the importance of protecting data through strong cybersecurity measures.

And while most data breaches fly under the radar of public consciousness, some are so huge that they make front page headlines. For reference, here's just two of the many stories that we've covered here at TWIPLA:

• Norway Fining Meta $98,500 per day for User Privacy Breach
• WhatsApp Data Breach Affects 487 Million Users

But that's obviously only the tip of the iceberg.

Below are some of the most significant data breaches in recent history, each leaving a lasting impact on the organizations involved and their customers.
 

Biggest 10 Data Breaches of all Time

The first thing that stands out from this list is the sheer number of people affected by these data breaches. 

If we pretend for a moment that there’s no overlap, then most people in the world had their data compromised - and that’s from only 10 breaches, big though they were.

The second thing that stands out is how recent most of these data breaches were.

While the internet has been popular since the late 1990s, all 10 of the biggest data breaches in history have happened in the last ten years.

This isn’t a coincidence.
 

“There were 5 exabytes of information created between the dawn of civilization through 2003, but that much information is now created every two days.”

- Eric Schmidt, Executive Chairman at Google

We’re in the era of big data, with over 2,560 terabytes of data created daily.

For context, some technologists have estimated that all the words ever spoken by mankind would equal half that figure.

Much of this data is stored online, making breaches more frequent and damaging than ever before.
 

Unfortunately, data breaches can arrive in a wide variety of forms.

Each category attacks different vulnerabilities, and businesses can only make their data watertight by implementing policies and processes that protect them from each category at every stage of the data lifecycle.

Below, you’ll find information about the seven main categories of data breaches.

3.4 billion phishing emails are sent every day.

- AAG-IT

Phishing attacks are scams.

They trick people into providing sensitive information like passwords or credit card numbers by pretending to be a legitimate source.

Attackers often send emails or messages that appear to come from trusted companies, urging recipients to click a link or provide personal data. 

Once the user is deceived, the attackers gain access to their account or confidential information. These attacks rely heavily on social engineering and can be difficult to spot without proper awareness.
 

Example Phishing Attack: Colonial Pipeline

The most successful phishing attack in history was suffered by the largest pipeline system for refined oil products in the US.

In May 2021, their operation ground to a halt as the result of ransomware, made possible by a successful phishing attack that gave hackers password access.

It's estimated that this breach cost the company $3.4 billion.

In 2023, 6.06 billion malware attacks were detected worldwide

- Statista

Malware is short for "malicious software," and it refers to any harmful program designed to infiltrate or damage a computer system. 

Common types of malware include viruses, worms, and spyware. 

Once installed on a device, malware can steal sensitive data, monitor activities, or cause disruption. 

Malware infections often occur when users unknowingly download malicious software through email attachments, compromised websites, or unverified downloads.
 

Example Malware Attack: WannaCry

Unlike earlier ransomware attacks that affected devices individually, the 2017 WannaCry attack was able to propagate through networks and this cryptoworm infected over 200,000 computers globally.

The attack took advantage of a Windows vulnerability that Microsoft had already addressed with a patch.

Many users, however, had not updated their systems, leaving their computers exposed.

WannaCry is considered one of the most damaging and infamous ransomware attacks ever, with estimated costs around $4 billion.

Global ransomware attacks rose by 74% between 2022 and 2023.

- Office of the Director of National Intelligence

Ransomware is a type of malware that locks or encrypts a user’s data, making it inaccessible until a ransom is paid to the attacker. 

The attacker usually demands payment in cryptocurrency and threatens to permanently delete or leak the data if the ransom isn't paid. 

Ransomware attacks can target both individuals and organizations, leading to severe disruptions and data loss. It's important never to pay the ransom, as it doesn’t guarantee the safe return of the data.
 

Example Ransomware Attack: ExPetr

In June 2017, the ExPetr ransomware, also known as NotPetya, disrupted global operations. Unlike traditional ransomware, ExPetr was designed to cause maximum damage rather than demand ransom. Originally aimed at Ukraine, its impact quickly spread beyond control.

NotPetya, a wiper disguised as ransomware, targeted Windows systems by exploiting the EternalBlue SMB vulnerability. It rapidly encrypted the master boot record (MBR), rendering affected systems unbootable and used tools like Mimikatz to steal credentials and spread through networks.

Major casualties included global shipping firm Maersk and pharmaceutical company Merck, with Maersk reporting about $300 million in losses. Overall, NotPetya's financial impact is estimated at around $10 billion, making it the costliest cyberattack in history.

Internal actors account for 19% of all data breaches.

- Verizon 2023 Data Breach Investigations Report

Insider threats come from individuals within an organization who have access to sensitive data. 

This could be an employee, contractor, or business partner. 

Insider threats can be intentional, such as when someone steals data for personal gain, or unintentional, like when someone accidentally leaks confidential information through careless actions. 

Because insiders already have access, these threats can be harder to detect than external attacks.
 

Example Insider Threat: Boeing

In 2017, a Boeing employee sent a spreadsheet to his wife for help with a formatting issue he was having, without realizing that it contained personal information of about 36,000 coworkers.

The spreadsheet had hidden columns with sensitive data, including employee IDs, birthplaces, and social security numbers.

Although Boeing believes the data remained confined to the two devices involved, the company provided two years of free credit monitoring to all employees included in the leaked database, totaling an estimated $7 million in costs.

SQL injection was the biggest threat to web applications in 2023, making up 23% of all attacks.

- Statista

SQL injection is a technique used by attackers to exploit vulnerabilities in a website’s database. 

By inserting malicious code into an input field, attackers can manipulate the database to reveal sensitive information or corrupt data. 

Websites that don’t properly validate or sanitize user inputs are vulnerable to this type of attack, which can result in the exposure of sensitive data like customer records or login credentials.
 

Example SQL Injection Attack: Heartland

In 2008, Heartland Payment Systems experienced one of the largest data breaches in history due to an SQL injection attack.

This breach exposed around 130 million credit and debit card numbers, highlighting the severe vulnerabilities in digital payment systems.

The incident, reported by Proofpoint, emphasized that no organization is immune to cyber threats and underscored the need for stronger cybersecurity measures in the financial sector.

35% of exploitation activity involves Man-in-the-Middle attacks.

- IBM X-Force Threat Intelligence Index

In a Man-in-the-Middle (MITM) attack, an attacker secretly intercepts the communication between two parties, such as between a user and a website, without either party knowing. 

The attacker can eavesdrop on or even alter the communication, potentially stealing sensitive data like passwords or financial information. 

MITM attacks often occur over unsecured Wi-Fi networks, where the attacker can easily monitor traffic.
 

Example Man-in-the-Middle Attack: NSA

In 2013, Edward Snowden leaked documents from his time as a consultant at the National Security Agency (NSA).

These documents revealed that the NSA had impersonated Google to intercept traffic by spoofing SSL encryption certificates.

This man-in-the-middle (MITM) attack allowed the NSA to access search records of all Google users, including U.S. citizens, constituting illegal domestic surveillance.

Microsoft alone responds to an average of 1,700 Denial of Service attacks every day.

- Microsoft Digital Defense Report 2023

A Denial of Service (DoS) attack floods a website or online service with an overwhelming amount of traffic, causing it to crash or become unavailable. 

The goal is to disrupt the normal operation of the service, often resulting in significant downtime for the targeted website. 

DoS attacks don’t typically steal data, but they can lead to financial losses and damage a company’s reputation by making their services inaccessible to legitimate users.
 

Example Denial of Service Attack: Dyn

In October 2016, a DoS attack targeted Dyn, a DNS provider responsible for managing the domain names of various companies.

The attack overwhelmed Dyn’s servers with excessive traffic, causing a major web outage and disrupting over 80 websites.

Major sites affected included Twitter (now X), Amazon, Spotify, Airbnb, PayPal, and Netflix.