Data Breaches: How It Happens And How It Affects You

We hear about data breaches all the time, and a few big ones took place in 2017. But not everyone knows the significance of data breaches. If you are wondering what exactly a “data breach” is and what effect it has on your privacy and security, read on to find out what is meant by a data breach and how it impacts Internet users (you).

“Data Breach” isn’t one of those vague terms you can’t guess the meaning of from their etymology, but it’s always good to define a key term, just to make sure it’s clear to everybody. So, according to Wikipedia, “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property.”

In short, a data breach means that your confidential data is now accessible to a third party (probably a hacker), who can then use it for their own benefit (damaging yours along the way).

A data breach can happen in several ways. When you hear about a data breach, your first thought is probably of hackers who penetrate a company’s network from the outside and steal data, but a pretty common and more damaging scenario is one in which insiders, i.e. company employees, are involved.

In the insider case, they simply copy or transmit the data to somebody outside the organization, who later uses it for his or her own benefit. The nature of the compromised data varies with the rank of the insider and his or her data access privileges. Lost employee devices with sensitive data on them are also an example of an insider data breach.


In the second case, when hackers penetrate a company’s network from the outside, data breaches happen because of some security vulnerability. The means here are more diverse: from a direct attack, to a virus attached to a message, to phishing and sniffing. In other words, if a company’s network is not properly secured, hackers can find their way in, frequently without much effort.

Because of the intangible nature of data, it’s very hard to spot a data breach, and this is why many incidents go unnoticed and unreported. But even the ones that do get reported amount to dozens a year. Not all of these incidents involve critical information (i.e. financial data or health records), but there are at least 5 major incidents a year involving the theft of really sensitive data of millions of users.

Since data breaches can be so devastating for an ordinary user, maybe you are wondering what you can do in order to protect yourself against the damages of data breaches. Unfortunately, once you give your data to a third party, there isn’t much you can do but hope they have strict data protection rules in place, good security, and loyal employees.

What you can do is research the company’s security policy before you set up an account and give your data to the company, particularly if you are giving your credit card details. For example, if you are worried about your email security, you can switch to email providers that provide secure email services.

Probably the only thing you can do after a data breach is to change your password immediately: not only the password on the hacked account, but also on any other accounts that use the same email/password combination. This won’t restore any stolen data, but it can prevent further damage; not much, but more than nothing.
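To find which other accounts share the breached login, you can check a password-manager export. The script below is an added example, not part of the original article; the CSV column names (`site`, `username`, `password`) and the sample rows are constructed assumptions. It goes slightly beyond the text by also listing accounts that reuse the same password under a different login.

```python
import csv
import hashlib
import hmac
import io
import secrets

# Constructed sample standing in for a password-manager CSV export (assumed columns).
SAMPLE_EXPORT = """site,username,password
shop.example,alice@example.com,Winter2017!
forum.example,alice@example.com,Winter2017!
bank.example,alice@example.com,x9$Lq-unique-77
news.example,alice.alt@example.com,Winter2017!
mail.example,alice@example.com,another-unique-pw
"""


def _fingerprint(key, password):
    # Keyed hash: passwords are compared without keeping plaintext in the row list.
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()


def accounts_to_rotate(export_text, breached_site):
    """Return (same_combo, same_password_only) lists of sites to change."""
    key = secrets.token_bytes(32)  # per-run key, never written anywhere
    target = breached_site.strip().lower()
    rows = [
        (r["site"].strip().lower(), r["username"].strip().lower(),
         _fingerprint(key, r["password"]))
        for r in csv.DictReader(io.StringIO(export_text))
    ]
    breached = [r for r in rows if r[0] == target]
    if not breached:
        raise ValueError(f"{breached_site!r} is not in the export")

    same_combo, same_password_only = set(), set()
    for site, user, fp in rows:
        if site == target:
            continue
        for _, b_user, b_fp in breached:
            if hmac.compare_digest(fp, b_fp):
                # Same login + password is the combination the article warns about.
                (same_combo if user == b_user else same_password_only).add(site)
    return sorted(same_combo), sorted(same_password_only - same_combo)


if __name__ == "__main__":
    combo, pw_only = accounts_to_rotate(SAMPLE_EXPORT, "shop.example")
    print("Same email/password combination:", combo)
    print("Same password, different login:", pw_only)
```

Delete the export file once you have changed the listed passwords, since it holds every credential in plaintext.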

Data breaches are scary and they could be really damaging. Companies are doing a lot to prevent data breaches and to minimize the damage if a data breach happens. However, the sad truth is you can never be sure a data breach won’t happen, and some companies won’t tell you when their servers are hacked. Just pray you won’t become a victim of a major data breach of really sensitive information of yours – unfortunately, this is the only thing you as a user can do.

4 comments

  1. This article is misleading. It gives the impression that individual users can somehow prevent their data from being stolen from some/any company’s data servers. Nothing can be further from the truth. Individual users can only prevent (hopefully) a data breach on their own computer. The 140 million individuals whose data was stolen from Equifax servers could in no way prevent that from happening, just as they could not prevent that data from being harvested by Equifax.

    “What you can do is to research the company security policy before you setup an account”
    There can be a wide discrepancy between the official security policy posted on the company’s website and the actual day to day security procedures. The false assumption in that statement is that we have the power to allow/disallow our data to be collected. Most companies harvest our data without our explicit permission and/or knowledge. Again, see Equifax.

    • ‘ “What you can do is to research the company security policy before you setup an account”
      There can be a wide discrepancy between the official security policy posted on the company’s website and the actual day to day security procedures ‘

      And even when the security policy posted on the company’s website is followed step-by-step, it’s not a guarantee that a breach won’t happen. New vulnerabilities are found every day, and the ‘bad guys’ are always finding ways around things that were thought to be completely secure. Just look at Spectre and Meltdown…now we can’t even trust **our own** computers to keep things secure, let alone computers run by someone else.

      The only way to keep your data safe from an external data breach is to not share it with anyone, for any reason. And if a person wants to live with even the most basic of modern conveniences, that simply isn’t possible.

  2. @dragonmouth I’m sorry if you think it’s misleading. I thought this sentence explains it: “Unfortunately, once you give your data to a third party, there isn’t much you can do but hope they have strict data protection rules in place, good security, and loyal employees.” Probably the word ‘much’ is misleading you, sorry for the confusion.
    @rick Obviously, not sharing any data is the way to protect oneself against it being stolen in a data breach but unfortunately it’s not possible. What’s worse, many services that didn’t request personal data in the past, now they do, and if you want to continue using their services, you have no choice.

    • “Unfortunately, once you give your data to a third party, there isn’t much you can do but hope they have strict data protection rules in place, good security, and loyal employees.”
      I wonder how many of your readers really noticed that disclaimer?

      When I read that statement, it conjures up a vision of Wile E. Coyote deploying a cocktail umbrella over his head as protection just before the anvil hits him.
