Data Breach
What Is a Data Breach?
A data breach is a security incident in which sensitive, protected, or confidential information is accessed, copied, transmitted, or disclosed by an individual or system without authorization. The term encompasses both external attacks by malicious actors and internal incidents caused by negligent or unauthorized use by employees or contractors. Breached data commonly includes personally identifiable information (PII), financial records, healthcare records, intellectual property, and authentication credentials.
Data breaches are distinct from broader categories of cyberattack in that the defining element is unauthorized access to data, not simply a disruption of services. A denial-of-service attack that takes a website offline does not constitute a breach unless data is also exfiltrated or exposed. NIST SP 800-53 defines a breach as the loss of control, compromise, unauthorized disclosure, or unauthorized acquisition of personally identifiable information, with this definition forming the baseline for US federal security requirements.
Attack Vectors and Causes
Data breaches originate through several well-documented vectors. Phishing campaigns trick users into surrendering credentials, providing attackers with legitimate login paths into enterprise systems. SQL injection and other web application vulnerabilities allow attackers to extract database contents through malformed queries. Malware, including ransomware variants that encrypt and exfiltrate data simultaneously, has become a dominant breach mechanism in both enterprise and healthcare settings. Unintentional internal exposure, such as misconfigured cloud storage buckets that leave records publicly accessible, accounts for a significant share of breach incidents. Social engineering, credential stuffing from previously leaked password databases, and supply-chain compromises through third-party software vendors round out the primary categories. NIST SP 1800-28 on identifying and protecting assets against data breaches provides a structured framework for mapping these attack paths and implementing corresponding technical controls.
Data Security Controls
Data security addresses breaches through a layered set of preventive, detective, and corrective controls. Encryption of data at rest and in transit ensures that intercepted or exfiltrated records are not immediately readable. Access control mechanisms, including role-based access control (RBAC) and the principle of least privilege, limit the scope of what any single compromised account can reach. Network segmentation slows lateral movement once an attacker has gained an initial foothold. Security information and event management (SIEM) systems aggregate log data to detect anomalous access patterns indicative of a breach in progress. Data loss prevention (DLP) tools monitor for large transfers or unusual export of sensitive files. These controls are codified in standards such as ISO/IEC 27001 and the NIST Cybersecurity Framework, which organize them by function across identification, protection, detection, response, and recovery.
Privacy Breach and Legal Obligations
A privacy breach occurs when the data exposed includes personal information that individuals have a reasonable expectation will remain confidential. Privacy breaches trigger notification obligations under a growing body of national and regional law, including the EU General Data Protection Regulation (GDPR), the US Health Insurance Portability and Accountability Act (HIPAA), and state-level statutes. The GDPR requires notification to supervisory authorities within 72 hours of discovering a breach likely to result in risk to individuals' rights or freedoms. Financial penalties for non-compliance can reach 4 percent of annual global turnover. The legal and reputational consequences of a privacy breach often exceed the immediate operational costs, driving organizational investment in breach prevention and incident response capabilities. NIST's privacy breach term in the CSRC glossary provides the federal-standard definition that underpins US government compliance frameworks.
Applications
Data breach management and prevention apply across a range of sectors, including:
- Healthcare: protecting electronic health records and medical device networks
- Financial services: securing payment card data and account credentials
- Government: safeguarding classified and citizen data systems
- Retail and e-commerce: protecting transaction records and customer PII
- Critical infrastructure: defending operational technology systems against exfiltration