Data Breach: What it Means, How it Works, Types

By
The Investopedia Team
Investopedia logo
Full Bio
Investopedia contributors come from a range of backgrounds, and over 24 years there have been thousands of expert writers and editors who have contributed.
Learn about our editorial policies
Updated August 30, 2022
Reviewed by
Michael J Boyle
Michael Boyle
Reviewed by Michael J Boyle
Full Bio
Michael Boyle is an experienced financial professional with more than 10 years working with financial planning, derivatives, equities, fixed income, project management, and analytics.
Learn about our Financial Review Board
Fact checked by
Suzanne Kvilhaug
Suzanne Kvilhaug
Fact checked by Suzanne Kvilhaug
Full Bio
Suzanne is a content marketer, writer, and fact-checker. She holds a Bachelor of Science in Finance degree from Bridgewater State University and helps develop content strategies for financial brands.
Learn about our editorial policies

What is a Data Breach

A data breach (also known as data spill or data leak) is unauthorized access and retrieval of sensitive information by an individual, group, or software system. It is a cybersecurity mishap that happens when data, intentionally or unintentionally, falls into the wrong hands without the knowledge of the user or owner. 

Data breaches are partly the result of the rising availability of data due to the increase of digital products, which has put an overwhelming amount of information in the hands of businesses. While some of the information is non-sensitive, a lot of it is proprietary and sensitive information about individuals and companies.

Understanding Data Breaches

The focus on technology-driven tools such as cloud computing platforms has made information readily available, easily accessible, and effortlessly shareable for little cost. Companies share and use this data to improve their processes and meet the demands of an increasingly tech-savvy population. However, some miscreants seek to gain access to this information in order to use it for illegal activities. The increase in the incidents of data breaches recorded within companies across the world has brought to the spotlight the issue of cybersecurity and data privacy, which has made many regulatory bodies issue new laws to combat.

Owners and users of a breached system or network don’t always know immediately when the breach occurred. In 2016, Yahoo announced what could be the biggest cybersecurity breach yet when it claimed that an estimated 500 million accounts were breached. Further investigation revealed that the data breach had actually occurred two years prior in 2014.

While some cyber criminals use stolen information to harass or extort money from companies and individuals, others sell the breached information in underground web marketplaces that trade in illegal assets. Examples of information that are bought and sold in these dark webs include stolen credit card information, business intellectual property, SSN, and company trade secrets.

Unintentional Data Breach

A data breach can be carried out unintentionally or intentionally. An unintentional data breach occurs when a legitimate custodian of information such as an employee loses or negligently uses corporate tools. An employee who accesses unsecured websites, downloads a compromised software program on a work laptop, connects to an unsecured Wi-Fi network, loses a laptop or smartphone in a public location, etc. runs the risk of having his company’s data breached. In 2015, Nutmeg, an online investment management firm, had its data compromised when a flawed code in the system resulted in emailing the personally identifiable information (PII) of 32 accounts to the wrong recipients. The information that was sent out included names, addresses, and investment details and put the account holders at risk of identity theft.

Intentional Data Breach

An intentional data breach occurs when a cyberattacker hacks into an individual’s or company’s system for the purpose of accessing proprietary and personal information. Cyber hackers use a variety of ways to get into a system. Some imbed malicious software in websites or email attachments that, when accessed, make the computer system vulnerable to easy entry and accessibility of data by hackers. Some hackers use botnets, which are infected computers, to access other computers’ files.

Botnets enable the perpetrators to gain access to multiple computers at the same time using the same malware tool. Hackers may also utilize a supply chain attack to access information. When a company has a solid and impenetrable security measure in place, a hacker may go through a member of the company’s supply chain network who has a vulnerable security system. Once the hacker gets into the member’s computer system, he can get access to the target company’s network as well.

Hackers don’t have to steal sensitive information like Social Security Numbers (SSN) at once to reveal a user’s identity and gain access to his/her personal profile. In the case of stealing information for identity theft, hackers with data sets of quasi-identifiers can piece together bits of information to reveal the identity of an entity. Quasi-identifiers like sex, age, marital status, race, and address can be obtained from different sources and pieced together for an identity. In 2015, the IRS confirmed that a data breach of over 300,000 taxpayers had occurred. The cybercriminals had used quasi-identifiers to access the taxpayers’ information and fill out tax refund applications. This resulted in the IRS doling out over $50 million in refund checks to identity thieves.

What Happens When There Is a Data Breach?

A data breach is any instance when unauthorized access is gained to confidential or protected information such as Social Security numbers or bank account details. This can allow thieves to steal financial information, identities, and other personal data. That data then gets sold to other criminals who can exploit that data to rack up illicit and fraudulent charges.

Is a Data Breach a Cyber Attack?

A cyber attack can be the same as a data breach, but that is not always true. A cyber attack is the electronic theft of data or confidential information. A data breach is any unauthorized disclosure of confidential or protected details.

What is an Example of a Data Breach?

In December 5, 2019, Microsoft suffered a data breach when a change was made to the database's network security group that contained misconfigured security rules. The servers contained 250 million entries with information such as email addresses, IP addresses, and support case details. Engineers stopped the leak on December 31, 2019. Microsoft's investigation found no "malicious use and most customers did not have personally identifiable information exposed."

Article Sources
Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.

  1. Yahoo. "An Important Message About Yahoo User Security." Accessed May 12, 2021.

  2. Yahoo. "Yahoo Security Notice September 22, 2016." Accessed May 12, 2021.

  3. Business Insider. "A Startup That Chooses Where to Invest People's Money Admits it Accidentally Emailed Sensitive Data to the Wrong People." Accessed May 12, 2021.

  4. Internal Revenue Service. "IRS Statement On 'Get Transcript.'" Accessed May 12, 2021.

  5. CNBC. "IRS: Breach Affected 2x as Many Taxpayers as Expected." Accessed May 12, 2021.

  6. Microsoft Security Response Center. "Access Misconfiguration for Customer Support Database." Accessed August 16, 2021.

Open a New Bank Account
×
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.
Sponsor
Name
Description