A data breach is a cyberattack in which sensitive, confidential or protected data is accessed and/or disclosed without permission.
Data breaches can happen to organizations of all sizes, from small businesses to large enterprises. The data involved may include protected health information (PHI), personally identifiable information (PII), trade secrets or other confidential information.
Common data breach exposures include personal information such as credit card numbers, social security numbers, driver's license numbers and medical records, as well as corporate information, customer lists, and source code.
An organization responsible for protecting such information is said to have suffered a data breach when someone who is not authorized to do so views the data or steals it outright.
If a data breach results in identity theft and/or a breach of government or industry compliance obligations, the offending organization can face fines, lawsuits, loss of reputation and loss of authority to operate a business.
Potential causes of data breaches
Although the types of data breaches vary widely, they almost always can be attributed to vulnerabilities or loopholes that cybercriminals use to gain access to an organization's systems or protocols. Potential causes of data breaches include:
Weak login credentials
Social engineering scams
Malware or ransomware
Phishing
Loss or theft of hardware (laptops, hard drives, mobile devices)
Lack of access control
Back doors
Insider threats
User error
Data breach regulations
Many industry guidelines and government compliance regulations require strict controls on sensitive and personal data to prevent data breaches.
For financial institutions and any business that processes financial information, the Payment Card Industry Data Security Standard (PCI DSS) specifies who can process and use personal information or PII. Examples of PII include financial information such as bank account numbers and credit card numbers, and contact information such as name, address, and phone number.
Within the healthcare industry, the Health Insurance Portability and Accountability Act (HIPAA) regulates who can see and use PHI, such as a patient's name, date of birth, social security number, and medical treatment. HIPAA also regulates penalties for unauthorized access.