Security Technology Explained

What Is a Data Breach and How Can You Protect Yourself?

Georgina Torbet 20-11-2019

If you follow security news, you’ve likely heard people talking about big companies suffering data breaches. And you might worry about how these breaches can affect you as a user.

Advertisement

So what is a data breach? That’s what we’ll explain below, with advice on how to protect yourself from future breaches.

Security Incident, Security Breach, Data Breach: What’s the Difference?

What is a data breach - security incident

The general term for a company or organization being hacked or attacked digitally is a security incident. This covers a wide range of issues like malware infection, phishing attempts, distributed denial of service attacks, and employees losing equipment or having it stolen.

A security incident may or may not result in the organization’s security being compromised. If attackers are successful in compromising the organization’s security, that is called a security breach.

A data breach is a specific type of security breach. This is where attackers successfully access data that they should not have been able to access. Typically, attackers will achieve a security breach, and then steal data resulting in a data breach.

But there can be other types of data breach too. For example, an organization may accidentally leave sensitive data in an insecure location. If people can access data they shouldn’t be able to, that’s a data breach.

What Are Examples of Some Famous Data Breaches?

One of the biggest data breaches in recent years was revealed in 2018. Hackers had attacked Facebook and were able to steal information about 30 million users. They performed the attack through Facebook developer APIs (application programming interface) and were able to obtain information about users such as their names, genders, and hometowns.

Another famous data breach happened to Equifax in 2017. Equifax is a large credit reporting company and holds data on a huge number of Americans. The hackers were able to gain initial access to the company’s systems through a consumer complaint web portal using a well-known vulnerability.

Then they used the web portal to access other parts of the network. They found usernames and passwords stored in plain text (which is a huge security mistake How to Tell If a Site Stores Passwords as Plaintext (And What to Do) When sending your password to a website, it isn't always done securely. Here's what you should know about plaintext passwords. Read More ). They then used these passwords to steal data such as names, addresses, Social Security number, and dates of birth. In total, the breach potentially affected up to 145 million people.

Banking and credit card company Capital One also suffered a data breach in 2019. Hackers were able to steal the names, addresses, credit scores, and Social Security numbers of over 100 million customers.

The company had misconfigured a web application firewall, and a hacker was able to exploit this to gain access to the system. The hacker was a software engineer who had previously worked for Capital One’s web hosting company, Amazon Web Services.

How Do Data Breaches Happen?

What is a data breach - how data breaches happen

There are many ways that data breaches can happen. According to a report by Kastle Systems, the most common cause of data breaches is hacking, followed by poor security. Hackers used malware in nearly 50 percent of data breaches. They used social engineering in a quarter of breaches.

Hackers can introduce malware to a target’s computer through techniques such as email spam How to Spot Unsafe Email Attachments: 6 Red Flags Reading an email should be safe, but attachments can be harmful. Look for these red flags to spot unsafe email attachments. Read More . An email will trick a user into clicking a link which downloads malware onto their device. Another way to hack a system is through social engineering attacks like phishing. This is where hackers set up a fake website and trick users into entering their username and password into the site.

The hackers can then copy those usernames and passwords and use them to access secure systems.

Sometimes, affected organizations make mistakes which result in data breaches. For example, an employee may lose their company computer or have it stolen. If cybercriminals get their hands on that computer, they can use it to access the company’s systems.

Or, as seen in the case of Equifax, an organization may have poor security practices such as storing passwords in plan text. That makes it easier for hackers to steal data.

Affected by a Data Breach? Here’s What to Do

With so many companies suffering data breaches, the likelihood is high that you may be affected by one. Therefore, a great resource to find out if your information has been part of a breach is the website HaveIBeenPwned.com. You can enter your email address into this site to see if you have been affected by a data breach.

If your information has been included in a data breach, don’t panic. Firstly, check which sites are responsible for the breach. Now, go to each of those sites and change your password straight away. This should be enough to protect you in most cases.

Sometimes, you’ll need to take more drastic action. This would be if the breach has affected your bank, for example, or if very sensitive data such as your Social Security number has been leaked. In these cases, you may want to freeze your credit How to Prevent Identity Theft by Freezing Your Credit Your personal data has been compromised, but your identity not yet stolen. Is there anything you can do to mitigate your risks? Well, you could try freezing your credit -- here's how. Read More , start using a credit monitoring service, and/or check your credit reports to ensure no one is doing anything suspicious under your name.

If you believe someone else has opened an account under your name, contact the institution’s fraud department and let them know.

How Can You Protect Yourself From Data Breaches?

What is a data breach - how to protect yourself

In order to protect yourself from data breaches, there are a number of steps you can take:

Take Steps to Protect Yourself From Data Breaches

With this information, you can be ready for the possibility of a data breach. And by following the steps outlined above, you can make it less likely you’ll be a victim of a data breach in the future.

If you work with data as part of your job, you should also consider how hackers could target your organization. To learn more, see our data handling tips to avoid security breaches at work 5 Data Handling Tips to Avoid Security Breaches at Work Concerned that you might inadvertently cause a security breach at work? Check our data handling tips to ensure you stay secure! Read More .

Whatsapp Pinterest

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. dragonmouth
    November 20, 2019 at 1:55 pm

    Articles, like this one, are nothing more that cruel click bait. They offer false hope. The only way to protect ourselves from data breaches is to keep our data out of corporate databases and that is impossible.

    "go to each of those sites and change your password straight away"
    If your data has been stolen in a breach, it's already out there. That is like closing the barn after the horse has gotten out. The horse (your data) is already gone. Changing passwords MAY make you feel more secure but in no way prevents future breaches.

    "Take Steps to Protect Yourself From Data Breaches"
    YOU CAN'T. All you can do is to make sure that no data is stolen from YOUR physical PC. In all the breaches that you have mentioned, it was the corporate databases that were compromised. There is absolutely nothing that a private person can do to protect corporate servers because (s)he has no access to them. The protection of those servers is the job of the corporate IT security staff. Companies harvest people's data unbeknownst to them, most of the time without people's permission. A good example is Equifax. You and I and hundreds of millions others have absolutely no say in what data is collected and stored. Equifax collects that data from databases of other companies.

    I was going to say that the best way to protect ones self from being involved in data breaches is to never connect to the Internet. Then I realized that our personal data is available from many other different sources - doctor's office, banks, any place we use our credit card, schools, our jobs, et, etc, etc. The only sure way to not have our data compromised in data breaches is to live totally off the grid. Otherwise we leave data footprints all over the place.

    • ReadandShare
      November 20, 2019 at 9:53 pm

      Agree that there's really nothing we can do to prevent data breaches. But that doesn't mean we can't minimize our individual exposure somewhat. Closing the barn after the horse is already out? Well, what if a breach causes (figuratively speaking) a million barn doors to fling open simultaneously? You might still have time to re-close your individual barn door before the bad guys come after your horses!

      One thing that should help meaningfully is to use unique and hard-to-guess passwords. If a database is breached, it can take the bad guys a while to harvest millions of log-on's -- esp. if yours is fortified by a decent password. And if you act fast in changing your password once you get wind of the breach -- your account may well be safe and sound by the time the bad guys get around to breaking it.