2 min read

Data breach: the what, the why, the who

Alina BÎZGĂ

February 18, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Data breach: the what, the why, the who

Data breaches are the direct result of unauthorized access to protected or sensitive information, ranging from intellectual property and company secrets to customer details. During such an incident, the data is stolen or exposed to a party that lacks the necessary access permissions.

Typically, cybercriminals target login data, personally identifiable information (PII), medical records, and banking-related details. The value is in how easy it is to monetize it, either directly by selling it on underground markets or through fraudulent activities like identity theft – used for several types of fraud: phishing, account takeover, and the multiple forms of financial fraud.

Any organization or service can fall victim to a data breach, but those with a large consumer base make more attractive targets. Breaches commonly include names, email addresses, usernames, passwords, postal addresses, phone numbers, social security numbers (SSN) and credit card data (number, expiration date, CVV).

Usually, data breaches are the result of hackers taking advantage of various weaknesses: unpatched software with security vulnerabilities, easy-to-guess logins, malware attacks via social engineering (phishing), and misconfigured access controls. Attackers usually cast a wide net, looking for exposed devices on the internet and hitting them with exploits for known vulnerabilities or trying to brute-force their way in.

External actors are not always responsible for a data breach and, while these events are a risk, their root cause is not always malicious. It is still considered a breach if insiders with improper access or using a computer belonging to someone with elevated privileges views customer data or protected information.

At the other end, though, is the malicious insider, who accesses restricted data specifically for illegal purposes. Most of the time, this threat actor has legitimate access to the information and provides it to cybercriminals for a price.

Data breaches impact both the organization attacked and the consumer whose information cybercriminals may use for nefarious purposes. Penalties under data protection laws have increased. For some companies, the consequences may be so drastic that they are forced to permanently shut down their operations.

The experience may be no less dramatic for the victim user, either. Cybercriminals using personally identifiable data for nefarious purposes may drag the legitimate owner into legal or financial trouble. By impersonating you, they can get bank credit, contract services, or purchase goods in your name to support an illegal activity.

How does the world react to these breaches?

Data breaches are so common that a standard set of precautions and reactions has emerged to limit their negative outcome. Companies normally store and transmit customer data in a secure way (encrypted) and should notify you of security incidents impacting your information.

Immediately after getting a data breach notification, you should change your login password and make sure it is not used for any other online service – all passwords should be unique and include as many and diverse characters as possible. Where possible, activate two-factor authentication.

Email addresses are regularly part of the information set exposed in a data breach. When a big incident of this kind affects a large organization, some scammers will try to take advantage and send out phishing messages to collect sensitive information.

When financial information is involved, you should monitor your credit accounts for suspicious activity, a service often provided for free by breached companies along with identity theft protection services. Freezing your credit is also worth considering, since it makes it more difficult for someone to open a line of credit under your name.

Stop guessing what the internet knows about you. Find out with Bitdefender”s Digital Identity Protection.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read