Definition: A data breach is a security incident that results in the transfer of sensitive, protected or confidential information onto an information system that is not authorized to store or process that information. Other terms are unintentional information disclosure, data leak, information leakage, and data spill.
Data Breach explained
A data breach occurs when an organization's data is subjected to a security incident that results in a breach of confidentiality, availability, or integrity. Any type of data may be leaked in this way, either accidentally or maliciously. This could include:
- Financial information such as credit card and debit card details,
- Bank account information,
- Personal health information (PHI),
- Personally identifiable information (PII),
- Corporate trade secrets
- Intellectual property
It can also include overexposed and vulnerable unstructured data – files, documents, and sensitive information.
Data breaches can be very expensive for both businesses and individuals, both in terms of direct costs (remediation, investigation, etc.) and indirect costs (reputational damages, emotional damage, providing cyber security to victims of compromised data, etc).
A cyber attack is not necessarily the same as a data breach - a cyber attack is the electronic theft of data or confidential information, whereas a data breach is any unauthorized disclosure of confidential or protected details.
The most important aspect of preventing a data breach is effectively protecting customer information and data. Data can be encrypted "at rest," when it is being stored, or "in transit," when it is being transmitted to another location.