The risk of being affected by a data breach is increasing for both individuals and businesses, and businesses of every size, large and small, can be affected.
In this blog post, we will describe what a data breach is, what kinds of data breaches there are, and what information can be exposed in a data breach.
Hacking, data breach or data leakage?
People often confuse the words "hacking", "data breach" and "data leakage" or use them interchangeably.
What is hacking?
Hacking is when someone, who may be called a "black hat hacker", attempts to compromise a digital device and gain unauthorised access to the sensitive information stored on it.
While hacking refers to specific techniques, such as brute-force attacks that rely on trial-and-error to guess someone's password, many people use "hacking" informally to describe a wide range of cybercrimes. Hacking is often used as a vague and broad term that ends up encompassing several different types of cyberattacks or vulnerabilities.
What is a data breach?
A data breach is what happens as a result of hacking - someone with malicious intent has gained access to sensitive data, such as financial information or social security numbers. This data can be sold on the "dark web", used as a tool for extortion or leaked to the public or competitors. The reason for the breach can vary widely, so it is important to understand the different types of vulnerabilities that hackers will try to exploit.
What is data leakage?
A data leak happens when sensitive data is accidentally exposed, either on the internet or through physical exposures, including lost hard drives or laptops. This can lead to a cybercriminal gaining unauthorised access to the sensitive data.
A data leak is therefore not the result of a cyber-attack and often occurs due to poor data security practices or unintentional action by a private individual or employee.
If a hacker finds a data leak, the exposed data can be used to plan a cyber attack. So by protecting your data and avoiding data leaks, you reduce the risk of data breaches.
Common types of data breaches
To protect yourself or your business, it is crucial to understand the different types of data breaches that exist. If you know what to look out for, you can implement security measures and minimise your risk of being affected by a data breach.
- Password attacks. Stolen passwords are one of the most common types of data breaches. The use of simple and short passwords makes you vulnerable to a brute-force attack, a hacking method used to guess passwords. If you reuse passwords, many cybercriminals will also use data from previous data breaches to access your other accounts.
- Ransomware attacks. Ransomware is a type of software that blocks access to files and data until a ransom is paid to the hacker.
- Malware. Malware is malicious software or viruses that can be installed on the recipient's device to exploit data, software and hardware.
- Key loggers. Key loggers are a type of malware that hackers use to record what you type on your digital device, such as passwords and credit card numbers.
- Phishing. Phishing is a social engineering attack that involves deceptive and manipulative communications, usually emails or text messages, to trick the recipient into sharing sensitive data or information.
- Pretexting. Pretexting is another type of social engineering attack in which a hacker, through a lengthy process such as pretending to be a customer service representative or a colleague, attempts to trick the recipient into sharing sensitive information.
- Physical exposure. This can range from losing your phone or laptop, to writing down your passwords on a piece of paper that can be stolen.
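The two password attacks in the first bullet leave different traces in failed-login records: brute-force guessing hits one account many times, while reused passwords from an earlier breach are tried once each across many accounts. The sketch below is an added example, not part of the original post; the event format, the 5-failure threshold, the 5-minute window and the labels are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of failed logins: (unix_time, source_ip, username).
# IPs come from documentation ranges; none of this is real log data.
SAMPLE_EVENTS = (
    [(t, "203.0.113.10", "alice") for t in range(0, 60, 10)]          # 6 guesses, one account
    + [(100 + 20 * i, "198.51.100.7", f"user{i}") for i in range(5)]  # 1 try each, 5 accounts
    + [(5, "192.0.2.33", "bob"), (9, "192.0.2.33", "bob")]            # ordinary typos
    + [(4000 * i, "192.0.2.44", "carol") for i in range(5)]           # spread over hours
)


def classify_failed_logins(events, window=300, threshold=5):
    """Label source IPs whose failed logins look like a password attack.

    'brute-force'      -> >= threshold failures on ONE account inside the window
    'credential-reuse' -> failures on >= threshold DIFFERENT accounts inside the window
    Threshold and window are illustrative assumptions, not recommended values.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events):
        by_ip[ip].append((ts, user))

    findings = {}
    for ip, fails in by_ip.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window so it only covers the last `window` seconds.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = Counter(user for _, user in fails[start:end + 1])
            if max(users.values()) >= threshold:
                findings[ip] = "brute-force"
                break
            if len(users) >= threshold:
                findings[ip] = "credential-reuse"
    return findings


if __name__ == "__main__":
    for ip, label in classify_failed_logins(SAMPLE_EVENTS).items():
        print(ip, label)
```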
Data from private individuals
The primary target of most cyber criminals is personal information. Sensitive information includes social security numbers, credit card numbers and other personal information that can result in identity theft.
There is a range of corporate data that cyber criminals want to get their hands on.
This data varies from company to company, but often involves:
- Personal information: name, address, phone number, email address, username, password
- Activity information: order and payment history, browsing history, user details
- Credit card details: card numbers, CVV codes, expiry dates, billing numbers
Information specific to the company may also be disclosed. This can be financial information from banks and investment groups, medical records from hospitals and insurance companies or sensitive documents and forms for government agencies.
Company information can be:
- Internal communications: notes, emails and documents describing the company's operations
- Performance: performance statistics, projections and other data collected about the company
- Strategy: business plans, roadmaps and other key business information
The exposure of this type of information can hamper business projects, give competitors insight into business operations and reveal internal culture. The larger the company, the more interest there is in this type of data.
Trade secrets are the most serious information that can be exposed in a data breach. They are information that is vital to your business and its ability to compete with other businesses. Trade secrets include:
- Plans, formulas, designs: information about existing or future products and services
- Code and software: Special technology that the company sells or has created for internal use
- Commercial practices: market strategies and contacts
Exposure of this type of data can reduce the value of the products and services a company provides and may delay research.
About the author
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.