Why You Should Care About Data Breaches
Every few years, the drama of a major data breach lights up the news cycle. The exact details of the breach often vary, such as how it occurred and what was stolen or lost. However, there's one thing that all of these major data breaches have in common: they have serious consequences for the afflicted companies and their customers.
With our lives existing online more than ever before, everyone should have some familiarity with data breaches for the sake of personal identity protection. While data breaches hurt the companies that suffer them, the leaked data often belongs to millions of individual consumers.
What is a Data Breach?
A data breach is an event where an organization suffers the release of secure, private, or confidential information to an insecure, untrusted environment. Sometimes these events are simply the result of human error, giving the wrong people access to the data.
However, data breaches are often the result of direct attacks by any number of hackers, sometimes working alone or within a group. Political activists, national governments, hackers who seek personal gain, and others will target organizations to steal private data. Data itself is extremely valuable, so theft can cause millions or billions of dollars in losses depending on what was stolen.
Virtually any organization can fall victim to a data breach. The search engines that you use, financial institutions that hold your credit card information, social media websites you frequent; malicious attacks and human error alike can often result in this information being compromised. While it's virtually impossible to absolve yourself from these risks, you can educate yourself and protect yourself from data breaches.
Examples of Some of the First Big Breaches
AOL 2006
There were a couple of major data breaches in 2005 that resulted in the theft of data pertaining to hundreds of thousands of customers. However, neither of these held any comparison to the historic AOL data breach in 2006. This was the first truly high-profile data breach event in history, as millions of users had their keyword searches released. While this did not directly release personal data, many of the search terms included personal data from the people searching it.
TJ Maxx
From 2003 to 2007, TJ Maxx's systems included a vulnerability that allowed hackers to gain access to the payment data of its customers. Not only did this surpass the AOL leak in size, but the nature of the leaked data was much more severe. Over 40 million TJ Maxx customers suffered from the theft of their electronic payment information.
As time went by, the frequency of such attacks increased, and hackers breached many major financial institutions throughout 2009. However, we now have a better understanding of data breaches. Thanks to this, both individuals and organizations are better prepared to defend themselves.
How do Data Breaches Happen?
Depending on how you categorize data breaches and the level of detail you include, there are many possible causes. The Verizon 2021 Data Breach report, one of the leading contemporary sources on data breaches, found an effective balance between detail and accessibility in their categorization of data breach causes. The six leading causes of data breaches are as follows:
Hacking attacks by organizations seeking to steal data.
Data breaches caused by human error.
Social engineering attacks; deceptive tactics such as phishing and pretexting.
Downloading Malware (malicious software that compromises the system it infects).
Unauthorized use by employees within an organization.
Physical actions: events where a perpetrator steals physical assets containing relevant information.
Hacking takes many forms, from stealing log-in credentials to attacks on network vulnerabilities.
Human error is another leading cause, as people often dispose of sensitive paperwork or equipment with taking due caution first. For instance, they might throw away a computer that's broken without following proper data destruction protocols. A person might even toss out their personal electronics and give a malicious actor the lead they need to steal data from that person's employer.
Social engineering attacks are common in general and often target the elderly or people who are less familiar with the internet. Individuals are most at risk to social engineering attacks. The most common and widely-known type of social engineering is phishing, wherein the attacker seeks to trick their target into inputting their sensitive data.
According to the Verizon 2021 Data Breach Report, around twenty-five percent of total data breaches are caused by either unauthorized use, malware, or rarest of all, physical actions. A physical action can involve someone entering your facility without proper credentials and looking for sensitive documents to steal.
Unauthorized use makes up twice as many cases as a cause of data breaches and refers to two different events. In one case, an employee with access to certain information uses it improperly out of either malice or error. In the other, someone who shouldn't have access to certain information gains unauthorized access, which makes them a high risk for data breaches or theft. Malware, malicious software that compromises the system it infects, causes slightly fewer than one-fifth of all data breaches.
Data Breaches Today
By 2021, data breaches have resulted in the compromise of untold billions of sensitive documents. Their reach is vast; major brands, national governments, and even the US military have suffered data breaches. However, our understanding of data breaches and their severity is greater than ever. More than before, we know now what we could do to lower the chances of having our data compromised.
The Cost of Data Breaches
In 2019, Forbes published an in-depth look at the cost of data breaches across different industries and around the world. While this article acknowledged the difficulties of tracking the full cost of data breaches, it used a variety of resources allowing it to provide fairly reliable estimates. Interesting data points in their study included the fact that the total volume of records lost to data breaches actually appears to be shrinking.
According to numbers from the Privacy Rights Clearinghouse, the number of compromised records fell from 4.8 billion in 2016 to 2 billion in 2018. However, the corollary to this is that data breaches that do occur are costing the victims much more than before. While the average data breach in 2006 cost the company about $3.54 million in damages, this number more than doubled to $8.19 million in 2019.
Signs of a Data Breach
There are many warning signs when it comes to data breaches. If anything appears out of the ordinary, it's worth investigating the possibility that you've suffered a data breach. The tell-tale signs include, but aren't limited to:
Unusual outbound traffic, which may indicate server hijacking to spread outbound spam.
Strange administrative user access.
Physical or digital tampering with documents.
High latency in devices and networks.
Data Breaches and How to Recover
The best way to try to avoid a data breach is to take the necessary precautions to lower the probability of it happening. For you, that means doing business with reputable entities that use proper security measures. Inputting your data on strange websites that aren't clearly legitimate is one common way that people compromise their data. Besides that, individuals and organizations often suffer data breaches by downloading something off of the internet from a source that secretly carries malware. Online piracy and related downloading activities are one way that people install malware onto their devices and lose their data.
Protect Yourself From Data Breaches
Besides passive activities that allow you to avoid risky behaviors, it's important to proactively protect yourself from common attacks that target your data. When you receive an email that asks you to follow a link or otherwise gives you instructions, closely inspect the address. Ensure that it's the exact address you think it is, rather than a fraudulent address that's changed one or two characters to avoid phishing attacks. If you are suspicious of its legitimacy, simply ignore it and do no open the links in the email.
But you're not always in control of your data. Another important way to protect yourself is through responsible practices such as diversifying your log-in information. When log-in information from any website is hacked, the attackers will start running it on financial institutions to see if they can crack into an account. Using a different password for each of your online activities will help protect you from data breaches.
Recover After a Data Breach
If you fall victim to a hacking attack or a company you work with compromises your data, it's essential to be proactive. Check the compromised records, if possible, to learn whether or not your information was stolen. It is also vital to change your important log-in credentials either way, just in case. Check your financial and social accounts for any strange behavior that could clue you into whether or not your account has been compromised, as well.