Data breach

A data breach, also known as data leakage, is "the unauthorized exposure, disclosure, or loss of personal information". Since the advent of data breach notification laws in 2005, reported data breaches have grown dramatically.

Data breaches are most commonly caused either by a targeted cyberattack, an opportunistic attack, or inadvertent information leakage. Attackers have a variety of motives, from financial gain to political activism, political repression, and espionage. There are several technical root causes of data breaches, including accidental disclosure of information, lack of encryption, malware, phishing, and software vulnerabilities. Although prevention efforts by the company holding the data can reduce the risk of data breach, it cannot bring it to zero.

A large number of data breaches are never detected. If a breach is made known to the company holding the data, post-breach efforts commonly include containing the breach, investigating its scope and cause, and notifications to people whose records were compromised, as required by law in many jurisdictions. Law enforcement agencies may investigate breaches, although the hackers responsible are rarely caught.

Many criminals sell data obtained in breaches on the dark web. Thus, people whose data was compromised are at elevated risk of identity theft for years afterwards and a significant number will become victims of this crime. Lawsuits against the company that was breached are common, although few victims receive money from them. The company may suffer lost business or reputational damage, and incur expenses due to the breach and subsequent lawsuits.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.