'Oh no!' What a data breach means to people and businesses
Nearly every organization and individual has been affected by a data breach, with recovery often proving both costly and, in some cases, impossible. This reality has prompted businesses to implement robust measures to safeguard their data and stay proactive in navigating the constantly evolving cybersecurity landscape. Ensuring the protection of sensitive information has become a critical priority as companies adapt to the growing complexity of cyber threats.
Data breaches have become so common that it seems like there are two types of businesses in the world: those that have had a data breach, and those that eventually will.
And even if your company has not had a data breach itself, it has likely been affected by a data breach: 98% of organizations surveyed in one report said at least one third-party vendor of theirs had suffered a data breach. There were 3,205 publicly reported data compromises in 2023, a stunning 78% increase over 2022.
What is a data breach?
People sometimes use “cyberattack” and “data breach” as if they were synonyms. They are not. Not every cyberattack involves a data breach. Data breaches are only those attacks where someone gained unauthorized access to data, which could be information on customers, financial data, or company secrets.
And not all data breaches are cyberattacks. If a thief steals an employee’s laptop from the trunk of their car and is able to access the data, it is a data breach. It does not even have to be electronic. If someone steals a paper file containing sensitive corporate information, that is also a data breach.
What are examples of data breaches?
The biggest data breach in history, at least in terms of the number of people affected, was the Yahoo data breach of 2013/2014. Over 3 billion customer accounts were compromised. The attack was conducted by hackers working on behalf of the Russian state security services. They used a “spear phishing” email, a specifically targeted email, to get a Yahoo employee to click on an infected link and install malware that allowed the hackers access to Yahoo’s database and account management.
That’s all it takes for a cybercriminal to break in: one employee clicking on the wrong link without proper cybersecurity protection in place.
Marriott International (Starwood) suffered a data breach that exposed sensitive personal information of hundreds of millions of customers who had booked rooms using the company’s reservation system. In addition to names, addresses, phone numbers, and email addresses, passport numbers and financial information were also compromised. The attack is attributed to a Chinese intelligence group that was looking for information on U.S. citizens. In addition to reputational harm, Marriott was fined £18.4 million by the UK’s Information Commissioner’s Office for failing to keep customer data secure.
Some data breaches can cause victims more problems than others. In July 2015, Ashley Madison, a website that billed itself as a place for people to find extramarital affairs, was hacked. Extortionists accessed the data to threaten high-profile individuals with exposure, including some in Saudi Arabia, where adultery is punishable by death.
Effects of data breaches
As can be seen from the above examples, data breaches can have a profoundly negative impact on both the company that was breached and on individuals whose data was exposed.
Impact of data breaches on individuals
Individuals whose data has been exposed can be harmed in the following ways:
- Hackers can use their data to steal their identity and commit financial fraud, such as getting tax returns, credit cards, etc., all of which can be a big headache for the victim to fix.
- Victims may have their credit score negatively affected by fraudulent use of their identity.
- If credit card information has been compromised, thieves can directly run up charges on the cards.
- As with the Ashley Madison incident, victims can be subject to embarrassment or extortion.
Impact of data breaches on companies
Companies whose data has been compromised can also be harmed in many ways:
- Their confidential trade secrets may be compromised.
- Their reputation may suffer.
- It can cost millions of dollars to recover from a major data breach and to implement new security measures.
- Companies can be liable to fines for failing to secure client data.
- For small companies, a data breach can be an existential threat. A Finnish psychotherapy provider, Vastaamo, suffered such grave reputational damage after hackers began releasing private information on its patients that it went out of business.
What if a data breach happens?
The U.S. Federal Trade Commission (FTC) has produced a guide for businesses that have suffered from a data breach.
The FTC recommends businesses that have had a data breach take the following steps:
- Secure your operations. Take steps to fix any vulnerabilities that led to the breach so as to prevent the loss of any additional data. Gather a team of experts to put in place a comprehensive response.
- Fix vulnerabilities. Look for ways to improve your data security, including reviewing network segmentation and service provider access to sensitive information.
- Notify appropriate parties. This can include affected businesses and/or individuals and law enforcement. If health records were compromised, the Department of Health and Human Services needs to be notified. If social security numbers were compromised, credit reporting agencies should be notified.
The FTC guide includes a model letter that businesses can use to notify individuals that their Social Security number was compromised.
How to prevent data breaches
Preventing data breaches is not something that is “one and done.” It is an ongoing effort that requires constant vigilance. Some steps companies can take to prevent data breaches include:
- Use multifactor authentication and other strong user identification protocols.
- Keep software up to date.
- Train your employees how to avoid falling victim to phishing and spear phishing attacks.
- Implement zero trust based security protocols, such as Ericsson NetCloud SASE.
- If personally impacted by a data breach, one should freeze their credit via the major credit reporting agencies (Equifax, Experian, TransUnion).