A Data Breach has occurred when the legitimate owner or custodian of sensitive information verifies that it has been intentionally or accidentally been compromised. The term data breach may also refer to when a party that isn’t explicitly approved to view or access another’s information is confirmed to have done so.
Data breaches are often intentional disclosures or theft of another party’s information by a hacker or an inside threat such as a disgruntled employee or whistleblower. Sometimes called data incidents, these events are known to involve personally identifiable information (PII) data, bankcard information, social security numbers, and medical records. Adversaries such as individuals, competitors, and foreign governments also carry out these attacks to obtain corporate or government proprietary secrets such as customer data, manufacturing processes, and programming source code.
Damage from data breaches is often not confined to the logged incident. If the fruits of a data breach spur additional fraud through the misuse of the lost information, or a threat to wellbeing of a company or government, the data’s legitimate owner or custodian may face civil or criminal fines.
“My bank suffered 2 major data breaches last year, so I think I’ll be packing up and taking my business elsewhere. The risk is just too big to stay with them.”