A data breach, also known as a data spill or data leak, is an incident that involves the unauthorized or illegal viewing, access, or retrieval of data by an individual, application or service. It is a type of security breach specifically designed to steal and/or publish data to an unsecured or illegal location.
Data breaches can occur in any size organization, from small businesses to major corporations. Common data breach exposures may involve the theft of personal information, such as credit card numbers, social security numbers, driver's license numbers and personal health information, as well as corporate information such as customer data, intellectual property and source code.
If anyone who is not authorized to do so views personal data, or steals it entirely, the organization charged with protecting that information is said to have suffered a data breach.
If a data breach results in identity theft and/or a violation of government or industry compliance mandates, the offending organization can face fines, litigation, reputation loss and even loss of the right to operate the business.
Potential causes for a data breach in can almost always be attributed to a vulnerability or loophole that cybercriminals use to gain access to the organization's systems or protocols. Potential causes for a data breach include: weak login credentials, social engineering scams, malware or ransomware, phishing, insider threats, user errors, lack of access controls or lost or stolen devices.