Definition of a Data Breach

“Data breach” isn’t one of those vague terms whose meaning you can’t guess from its etymology, but it’s always good to define a key term, just to make sure it’s clear to everybody. So, according to Wikipedia, “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property.” In short, a data breach means that your confidential data is now accessible to a third party (probably a hacker) who can then use it for their own benefit (and damage yours along the way).

How Data Breaches Happen

A data breach can happen in various ways. When you hear about a data breach, your first thought is probably of hackers who penetrate a company’s network from the outside and steal data, but a pretty common and more damaging scenario is one in which insiders, i.e. company employees, are involved. In the insider case, they simply copy or transmit the data to somebody outside the organization, who later uses it for his or her own benefit. The nature of the compromised data varies with the rank of the insider and his or her data access privileges. Employees’ lost devices with sensitive data on them are also an example of an insider data breach.

In the second case, when hackers penetrate a company’s network from the outside, data breaches happen because of some security vulnerability. The means here are more diverse – from a direct attack, to a virus attached to a message, to phishing and sniffing. In other words, if a company’s network is not properly secured, hackers can find their way in, frequently without much effort. Because of the intangible nature of data, it’s very hard to spot a data breach, and this is why many incidents go unnoticed and unreported. But even the ones that do get reported amount to dozens a year. Not all of these incidents involve critical information, i.e. financial data or health records, but there are at least 5 major incidents a year involving the theft of really sensitive data of millions of users.

How Users Can Protect Themselves Against the Damages of Data Breaches

Since data breaches can be so devastating for an ordinary user, maybe you are wondering what you can do to protect yourself against the damages of data breaches. Unfortunately, once you give your data to a third party, there isn’t much you can do but hope they have strict data protection rules in place, good security, and loyal employees. What you can do is research the company’s security policy before you set up an account and give your data to the company, particularly if you are giving your credit card details. For example, if you are worried about your email security, you can switch to email providers that provide secure email services. Probably the only thing you can do after a data breach is to change your password immediately. Change not only the password on the hacked account, but also the password on any other accounts that use the same email/password combination. This won’t restore any stolen data but it can prevent further damage — not much, but more than nothing.

Data breaches are scary and they can be really damaging. Companies are doing a lot to prevent data breaches and to minimize the damage if a data breach happens. However, the sad truth is you can never be sure a data breach won’t happen, and some companies won’t tell you when their servers are hacked. Just pray you won’t become a victim of a major data breach involving really sensitive information of yours – unfortunately, this is the only thing you as a user can do.