TL;DR
A data breach occurs when unauthorized parties access sensitive data like user credentials, personal information, or business secrets. Breaches can result from hacking, phishing, misconfigurations, or insider threats. When a breach occurs, you must contain it, assess the damage, and notify affected parties according to applicable laws. Prevention includes security scanning, access controls, and employee training.
The Simple Explanation
Someone who should not have access to your data gets it anyway. Maybe they hacked in, maybe an employee leaked it, maybe you accidentally left a database exposed. The data could be passwords, credit cards, personal information, or trade secrets. When this happens, you have a breach.
Common Breach Causes
| Cause | Description | Prevention |
|---|---|---|
| Phishing | Employees tricked into revealing credentials | Training, MFA |
| Credential theft | Stolen or guessed passwords | MFA, strong passwords |
| Vulnerabilities | Unpatched software exploited | Patch management |
| Misconfiguration | Open databases, wrong permissions | Security scanning |
| Insider threat | Malicious or careless employees | Access controls, monitoring |
Breach Response Steps
- Contain: Cut off the attacker's ongoing access (revoke the compromised credentials and sessions, isolate affected hosts, close the exposed service) without wiping the systems you will need as evidence
- Assess: Determine which accounts were used, what data was accessed or exfiltrated, how much, and whose it is
- Preserve: Keep logs, disk images and other evidence intact for investigation; hash what you collect and record who collected it and when
- Notify: Tell regulators, affected users and partners such as card brands within the deadlines that apply to you
- Remediate: Fix the root cause (patch, rotate secrets, correct the misconfiguration), not just the symptom
- Review: Update controls, detection and the response plan itself to prevent recurrence
Notification Requirements
- GDPR: 72 hours after becoming aware, to the supervisory authority; affected individuals without undue delay when the risk to them is high
- HIPAA: no later than 60 days after discovery, to affected individuals
- US states: varies (24 hours to 90 days)
- PCI DSS: immediately, to the card brands (via your acquirer)
Requirements depend on:
- Where affected users are located
- What type of data was breached
- Your industry and regulations
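The assess, preserve and notify steps above, worked through as an added Python example (this is not code from the original page). Everything in it is constructed for illustration: the access-log format and lines, the attacker IP 203.0.113.7, the table inventory (`TABLE_KINDS`, `TABLE_REGIONS`), the discovery time, and the simplified regime-applicability rules in `REGIMES`, which only encode the deadlines this page lists and must be confirmed with counsel for a real incident.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed access-log excerpt (not real data). 203.0.113.7 is the assumed attacker IP.
ACCESS_LOG = """\
2024-05-01T02:14:07Z ip=203.0.113.7 user=alice action=login result=ok
2024-05-01T02:15:31Z ip=203.0.113.7 user=alice action=export table=customers rows=1200
2024-05-01T02:16:02Z ip=198.51.100.9 user=bob action=login result=ok
2024-05-01T02:40:45Z ip=203.0.113.7 user=carol action=login result=fail
2024-05-01T02:41:10Z ip=203.0.113.7 user=carol action=login result=ok
2024-05-01T02:42:00Z ip=203.0.113.7 user=carol action=read table=patients rows=300
"""
ATTACKER_IP = "203.0.113.7"
DISCOVERED_AT = datetime(2024, 5, 2, 9, 0, tzinfo=timezone.utc)  # assumed discovery time

# Constructed data inventory: what each table holds and where its data subjects live.
TABLE_KINDS = {"customers": {"personal"}, "patients": {"personal", "health"}}
TABLE_REGIONS = {"customers": {"EU": 800, "US-CA": 400}, "patients": {"US-NY": 300}}

# Deadlines as listed on this page. The applicability rules are simplified assumptions
# (e.g. HIPAA binds covered entities, not every US record); confirm them with counsel.
REGIMES = (
    ("GDPR: supervisory authority",
     lambda region, kinds: region == "EU" and "personal" in kinds, timedelta(hours=72)),
    ("HIPAA: affected individuals",
     lambda region, kinds: region.startswith("US") and "health" in kinds, timedelta(days=60)),
    ("PCI DSS: card brands",
     lambda region, kinds: "card" in kinds, timedelta(0)),
)


def parse_log(text):
    """Parse constructed 'timestamp key=value ...' lines into dicts with a UTC datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def scope_breach(events, attacker_ip):
    """Assess: accounts the attacker logged into and tables/rows touched from that IP.
    Only successful logins count as compromised accounts; a failed attempt before a
    successful one (carol) still leaves the account compromised."""
    accounts, tables, first, last = set(), {}, None, None
    for ev in events:
        if ev.get("ip") != attacker_ip:
            continue
        first = first or ev["ts"]
        last = ev["ts"]
        if ev.get("action") == "login" and ev.get("result") == "ok":
            accounts.add(ev["user"])
        if ev.get("action") in ("export", "read"):
            tables[ev["table"]] = tables.get(ev["table"], 0) + int(ev.get("rows", 0))
    return {"accounts": accounts, "tables": tables, "first_seen": first, "last_seen": last}


def evidence_manifest(artifacts):
    """Preserve: SHA-256 each collected artifact so later modification is detectable.
    Store the manifest with collection time and collector alongside the evidence."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in artifacts.items()}


def notification_deadlines(discovered_at, tables, table_regions, table_kinds):
    """Notify: map each affected table's regions and data kinds onto the regimes that
    apply, returning the due time per regime. An unknown table raises rather than
    being silently skipped, so an incomplete inventory surfaces during triage."""
    due = {}
    for table in tables:
        kinds = table_kinds[table]
        for region in table_regions[table]:
            for name, applies, window in REGIMES:
                if applies(region, kinds):
                    deadline = discovered_at + window
                    due[name] = min(due.get(name, deadline), deadline)
    return due


def run_triage():
    """Run the three steps over the constructed data and return their results."""
    scope = scope_breach(parse_log(ACCESS_LOG), ATTACKER_IP)
    manifest = evidence_manifest({"access.log": ACCESS_LOG.encode()})
    deadlines = notification_deadlines(DISCOVERED_AT, scope["tables"], TABLE_REGIONS, TABLE_KINDS)
    return scope, manifest, deadlines


if __name__ == "__main__":
    scope, manifest, deadlines = run_triage()
    print("Compromised accounts:", sorted(scope["accounts"]))
    print("Tables touched:", scope["tables"], "between", scope["first_seen"], "and", scope["last_seen"])
    print("Evidence manifest:", manifest)
    for name, due in sorted(deadlines.items(), key=lambda item: item[1]):
        print(f"{name}: due {due.isoformat()}")
```

The point of tying deadlines to the data inventory rather than to a single company-wide rule is that the same incident can touch records under several regimes at once; here the EU customer rows trigger the 72-hour GDPR clock while the patient rows start the 60-day HIPAA clock, and the earliest deadline drives the timeline.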
Have a plan before you need it. Develop an incident response plan now. Know who to contact, what steps to take, and what your legal obligations are. During a breach is not the time to figure this out.
Breach Costs
- Investigation: Forensics, legal fees
- Notification: Contacting affected users
- Remediation: Fixing vulnerabilities
- Fines: Regulatory penalties
- Reputation: Lost customer trust
- Litigation: Lawsuits from affected parties
How do most data breaches happen?
Common causes include phishing attacks, stolen or weak credentials, unpatched vulnerabilities, misconfigured systems, and insider threats. Many breaches involve multiple factors, like phishing leading to credential theft. Human error, such as accidentally exposing databases, is also common.
What are the notification requirements for a breach?
Requirements vary by jurisdiction. GDPR requires notifying the supervisory authority within 72 hours of becoming aware of a personal data breach unless it is unlikely to result in a risk to individuals, and notifying the individuals themselves without undue delay when the risk to them is high. US state laws vary but typically require notifying affected individuals. Some industries like healthcare (HIPAA) have specific requirements. Consult legal counsel for your specific obligations.
What should I do immediately after discovering a breach?
Contain the breach (stop ongoing access), preserve evidence, assess the scope (what data, how many affected), notify your incident response team and legal counsel, determine notification requirements, and document everything. Speed matters but so does getting it right.