A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized person or organisation. It is also known as unintentional information disclosure, data leak, information leakage, and data spill. A deliberate data breach by a person privy to the information, typically for political purposes, is more often known as a "leak".
Data breaches may involve financial information such as credit card and debit card details, bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property. Data breaches may also involve overexposed and vulnerable unstructured data – files, documents, and sensitive information.
Data breaches can be quite costly to organizations, with direct costs (remediation, investigation, etc.) and indirect costs (reputational damage, providing cyber security to victims of compromised data, etc.).
ISO/IEC 27040 defines a data breach as: compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed.
Other websites
- "Data Loss Database" is a research project aimed at documenting known and reported data loss incidents world-wide.
- "Breaches Affecting 500 or More Individuals", Breaches reported to the U.S. Department of Health and Human Services by (HIPAA-covered) entities