A data breach occurs when someone gains unauthorized access to a computer system’s sensitive, protected, and confidential information and the data has been viewed, stolen, or used illegally. Data breaches can happen anywhere, and it’s important to know what to do if you are affected by a data breach.
Definitions of Breach Terms
Before we continue discussing data breaches, we need to understand the different types of breaches and the various ways that these breaches can occur. Data breaches can be broken down into five categories:
- Business: a breach that occurs within a business or organization (ex: grocery stores, retailers, etc.)
- Financial: a breach that occurs within a financial corporation (ex: banks, credit card companies, etc.)
- Educational: a breach that occurs within an educational institution (ex: universities, high schools, etc.)
- Government/military: a breach that occurs within a government or military-based facility (ex: police departments, military bases, etc.)
- Medical/health care: a breach that occurs within a medical institution or health care company (hospitals, pharmacies, etc.)
Breaches can occur in the following ways:
- Insider theft: exposure of information as a result of theft orchestrated by an individual within the institution such as an employee or staff member (either former or current)
- Hacking: exposure of information as a result of a targeted attack executed through unauthorized access of a computer or network
- Data on the move: exposure of information during transportation or movement of information and information containers (computers, folders, hard drives, etc.) from where they are normally kept
- Third-party/subcontractor error: unintended exposure of information as a result of a third party or subcontractor
- Employee error: unintended exposure of information as a result of an error made by an employee
- Accidental internet exposure: exposure of information as a result of unintended access to the Internet
- Physical theft: exposure of information due to physical theft of information and/or information containers (computers, folders, hard drives, etc.)
Analysis of Breach Terms
How do data breaches happen?
As we just read, data breaches can occur in various types of institutions in a number of ways. While some breaches are purely accidental, it doesn’t change the fact that your information could be at risk after a breach. Let’s take a closer look at four of the most common ways that data breaches occur.
A company’s data system is like a gold mine for hackers. Hackers find vulnerable areas of a specific computer system or network to gain access to its information. Personally identifiable information (PII) can be more valuable than money and can be sold on the black market for a high price. Hackers can also use your PII to create credit card accounts, apply for jobs and receive tax refunds. (Learn more about identity theft and identity fraud.)
Breaches can be accidents. In the case of employee error, the data breach may not have any specific motivation but occurs when an employee is tricked into unknowingly allowing access to a company’s secured data through phishing emails or deceptive websites. Employees may accidentally provide sensitive information about the company’s data servers on a fraudulent website or download malware that intercepts data entered or stored on the computer.
Sometimes a breach can occur due to an error of a company’s supplier, again purely accidental, when sensitive data is inappropriately processed or shipped. This can result in the exposure of this information to unauthorized sources. Information can also be at risk when vendors do not properly delete user information.
Theft and Loss
Data breaches can also happen by merely leaving a phone on a table in a restaurant or a thief breaking into a car and stealing a laptop. Exposure of confidential information can happen simply by theft and loss of PCs, tablets, laptops, USB storage devices, and smartphones that store sensitive information.
Applying the Breach Terms
Can you prevent a data breach?
Unfortunately, there is no way that you or anyone else can prevent a data breach from happening. However, you can decrease the chance of your information being misused by knowing what to do if your data is involved in a data breach.
What should I do if a data breach happens?
Let’s take a look at a few steps you should take if you think you’ve been affected by a data breach:
- Stay updated. It’s important to know which company was affected, what type of information was compromised and how many people were affected and the time period of the breach (if pertinent). Knowing this information can help determine whether or not your information is at risk.
- Check for breach notifications. Companies are required to notify consumers that could have been affected by a data breach in most states. Watch for letters, emails, or other types of notifications alerting you that your information may have been compromised.
- Monitor your credit/debit cards closely. If there is a chance that your credit or debit card information was stolen, keep an eye on your bank statements for unauthorized activity.
- Communicate with your bank. If you notice any unauthorized activity on your cards, call your bank to file a claim for fraud.
- Consider Identity Theft Protection. With every Sontiq product, you have access to a Certified Resolution Specialists that will help secure your information and work with you if your information becomes compromised by a data breach.
10 Tips for Data Breach Victims
If you’ve been a victim of a data breach you are at an increased risk of identity crime. Monitor your accounts and follow these tips to best protect yourself.