views
At fourteen years old, I received an extraordinary gift: a diary!
It wasn't an ordinary diary; it had a lock, and I always carried the key with me. I thought nobody could open my diary, so I wrote the most personal sensitive information in it. For example, when I had my first kiss, I wanted to capture the moment, so I disclosed my deepest feelings. Then, one day I entered the room and saw my mom reading my diary.
A data breach is a security incident where sensitive, protected, or confidential information is copied, transmitted, viewed, stolen, or used by someone unauthorized to do so. The keywords are "without authorization."
Data Breaches can be intentional and unintentional incidents. Both cases are painful.
An example of an intentional incident would be my mom reading my diary. I know my mom did her best to protect me and considered it appropriate to break into my sensitive personal information. In her mind, that was what a good mom should do. I get it now, and moms are just moms, right?
It's different when hackers, scammers, and Cybermonsters intentionally break into a database to steal personal information. Data breaches are common occurrences today. One out of every three businesses experiences a data breach each year. Hackers often try to trick people into giving away sensitive information like usernames, passwords, credit card numbers, etc., then sell that information online.
Cybermonsters sometimes exploit software systems vulnerabilities to gain access to confidential data. And some companies suffer data breaches because employees make mistakes. But, most often, cybercriminals gain access to sensitive data because someone left a laptop unattended, opened a file cabinet, or never updated their devices.
An example of an unintentional data breach incident would be a system failure, a computer breaking causing the access to personal sensitive information available to others.
There are many reasons for a data breach, including phishing, poor security practices, human error, and even negligence. A data breach could result from single or multiple incidents over time.
In addition to being a security risk, data breaches are costly. They can result in significant legal liabilities and fines, including those levied under the Health Insurance Portability and Accountability Act (HIPAA); the Sarbanes–Oxley Act (SOX). There are also state laws regarding consumer protection, employment law, privacy, and federal laws regarding the Federal Trade Commission (FTC).
Consequences of data breaches
The consequences of a successful cyberattack or data breach can be devastating. Cybermonsters steal data, causing significant financial losses for businesses, governments, and regular people like you and me. They can use that data for financial gain, blackmail victims into doing things like paying off debts, giving up trade secrets, or even committing identity theft. Or hackers might exploit that stolen data to inflict physical harm on people or institutions.
Cybermonsters take advantage of the fact that many companies store large amounts of customer data online, employees, and business parties. In a data breach, they can find out a person's name, address, phone numbers, email addresses, social security numbers, credit card numbers, driver's licenses, passports, tax ID, medical records, bank account information, and much more.
This type of information is known as Personally Identifiable Information (PII). PII is considered one of the most valuable commodities on the internet because it allows potential buyers to build detailed profiles of consumers, allowing them to market products and services specifically to those people.
Once hackers have gained access to a database containing PII, they can do a lot of damage. For example, they can use the information to impersonate real people and send phishing emails to unsuspecting employees, tricking them into revealing login credentials. Hackers can also use the information to make fraudulent purchases or withdraw money directly from a victim's bank accounts. In some cases, criminals may try to alter the PII, change the names associated with the data or add fake identities to the list.
Here are some examples of the types of data breaches and why they happen:
1. Stolen Information
This occurs when someone uses another person's identity without permission. For example, a thief might use a victim's name, address, Social Security number, date of birth, and mother's maiden name to open fraudulent accounts in his/her/they name. I know many cases when family members are involved in this type of data breach because they are close to the person and know their habits.
One example is Susan. She was struggling emotionally and financially. Susan decided to use her niece's social security information and personal data to sign up for questionable services that could render her some benefits. Sadly for her niece, it took years to reverse the damage.
Stolen information could also happen in a business environment. For example, if a careless employee leaves sensitive information, their computer unlocked and visible, someone steals it, compromising the organization and its intellectual property.
2. Identity theft
Identity thieves or Cybermonsters obtain sensitive information about people and use it fraudulently. This includes stealing identities, opening fake bank accounts, applying for loans, and obtaining credit cards. Not every data breach results in identity theft, and not every identity theft is the same.
One new form of fraud is Synthetic Identity theft which combines real information from a data breach with fake details to create a new identity. Children are a common target for this type of fraud because they have a clean social security number and credit history that normally remains unchecked until they reach adulthood.
3. Ransomware
Ransomware is when you receive a message stating your computer or phone has been locked or encrypted. Then, the victim receives a ransom note demanding payment to get the information back. In many cases, Cybermonsters threaten the victims to release the data to pressure them, as it may affect other business partners, employees, or customers.
One way to become a victim of ransomware is through phishing emails which involve sending email messages that look like they're coming from legitimate sources such as banks or credit card companies. Cybermonsters use this tactic to trick people into giving away their login credentials.
What are the Top 5 most significant data breaches of all time?
The news reports a data breach almost every day, and the information type varies. Still, it usually includes personal information such as name, email, address, etc.
- CAM4 data breach (2020) - 10.88 billion records were impacted, including names, emails, sexual orientation, chat transcripts, passwords, IP addresses, and payment logs.
- Yahoo data breach (2013) - 3 billion user accounts were affected, including email addresses.
- Aadhaar data breach (2018) - 1.1 billion Indian citizens were affected, exposing the world's largest biometric database, including names, unique identity numbers, and bank details.
- First American Financial Corporation data breach (2019) - 885 million users were affected, including sensitive records dating back more than 16 years, including bank accounts, social security numbers, wire transactions, and more.
- Verifications.io data breach (2019) - 763 million users were affected, exposing unique email addresses, phone numbers, date of birth, and more.
A LinkedIn data breach (2021) affected 700 million users. Although the company claims this isn't a data breach because the attackers use a data scraping technique, which means extracting the data generated by a computer program. The leaked data is enough to carry out cyber attacks on the exposed victims.
What to do when a data breach happens
When a data breach occurs, time is of the utmost importance. A good response plan can minimize damage and limit future exposure. However, there are many things to consider when developing a comprehensive recovery strategy. Here are some tips to keep in mind:
1. Identify and isolate the systems affected.
The first step in recovering from a data breach is identifying and isolating systems or networks that have already been breached. This helps prevent additional exposures. Next, an organization must identify and separate systems or networks with unauthorized access, such as email servers, file shares, databases, etc.
2. Determine Extent of Breach
Once you've isolated systems or networks that have experienced a breach, you can begin assessing the impact. Cybersecurity tools can help organizations identify and evaluate potential threats and vulnerabilities. Using these tools, you can quickly assess whether a breach has occurred and what type of breach it might be and detect malware, suspicious activity, and anomalous behavior on the network.
3. Perform Formal Risk Assessment
A formal risk assessment helps understand how much information was exposed and where it resides. By performing a thorough assessment, you'll be able to prioritize resources better, mitigate risks, and respond accordingly. You can perform this analysis manually or automate it using software solutions.
The good news is that you can take steps to avoid becoming part of the problem. If you're concerned about your organization's data security, here are some ways to protect yourself against a data breach.
- Incorporate the Be I AM practice in your organization. Teach your employees and family members to Be Intentional, Aware, and Mindful online and offline, so they can recognize when Cybermonsters are trying to trick them. Learn more about the Be I AM practice here https://www.youtube.com/watch?v=v46TAoZl1XI
- Use Two-Factor Authentication 2FA. Two-factor authentication requires both something you know (your password) and something you possess (a code sent via text message). This helps prevent someone from logging into your account without knowing your password. You can set up two-step verification for Gmail, Facebook, Twitter, LinkedIn, Dropbox, Apple ID, and many others.
- Use Strong and Meaningful Passwords. Choose an affirmation or meaningful phrase as your password for your most sensitive accounts. Even better, use a password manager if possible.
Instead of being surprised by the consequences of a data breach, you can find out if you are a victim. Visit the website service https://haveibeenpwned.com/
and take steps to protect yourself, your family, and your business from Cybermonsters.
Please share what practices you have incorporated personally or in your business to protect your data.
Blog Url:-
https://sandraestok.com/what-is-data-breach-and-why-does-it-matter-to-you/