What is a data breach?

Image

Data breaches are security incidents where information is accessed, stolen, and used by a cybercriminal without authorization. Data breaches impact individuals and organizations every day. Learn how a data breach occurs and how to protect your personal information.


 

Try Norton 360 FREE 7-Day Trial* - Includes Norton Secure VPN

7 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.
*Terms Apply

A data breach is a security incident in which information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways. They are a costly expense that can damage lives and reputations and take time to repair.

It may seem like stories of massive data breaches pop up in the news frequently these days. But it shouldn’t be all that surprising.

As technology progresses, more and more of our information has been moving to the digital world. As a result, cyberattacks have become increasingly common and costly.

Globally, the average total cost to a company of a data breach is $3.86 million, according to a study by the Ponemon Institute. This means that at $148 on average per stolen record, online crime is a real threat to anyone on the internet.

Corporations and businesses are extremely attractive targets to cybercriminals, simply due to the large amount of data that can be nabbed in one fell swoop.

Why do data breaches occur?

Cybercrime is a profitable industry for attackers and continues to grow. Hackers seek personally identifiable information to steal money, compromise identities, or sell over the dark web. Data breaches can occur for a number of reasons, including accidentally, but targeted attacks are typically carried out in these four ways:

  • Exploiting system vulnerabilities. Out-of-date software can create a hole that allows an attacker to sneak malware onto a computer and steal data.
  • Weak passwords. Weak and insecure user passwords are easier for hackers to guess, especially if a password contains whole words or phrases. That’s why experts advise against simple passwords, and in favor of unique, complex passwords.
  • Drive-by downloads. You could unintentionally download a virus or malware by simply visiting a compromised web page. A drive-by download will typically take advantage of a browser, application, or operating system that is out of date or has a security flaw.
  • Targeted malware attacks. Hackers use phishing email tactics or keyloggers to uncover user login details in credential stuffing attacks. Email is a common way for malware to end up on your computer. Avoid opening any links or attachments in an email from an unfamiliar source. Doing so can infect your computer with malware. And keep in mind that an email can be made to look like it comes from a trusted source, even when it’s not.
  • Watering hole attacks. Cybercriminals observe the traffic and users of specific sites to locate and exploit software problems or lax security. These hackers can then use malware to infect a network of devices and create backdoors to stored data.

How can I help protect my personal information in the event of a data breach?

To help protect your identity, it’s important to take steps to help protect yourself and your personal information. These steps can include:

  • Use strong, secure passwords. Use a complex and unique password for each of your online accounts. Keeping track of all those passwords can be difficult, but there are products, such as Norton Password Manager, that can help make this task easier to manage.
  • Monitor your bank and other financial accounts. Check your accounts on a regular basis for unfamiliar activity. And if the companies offer activity alerts via text or email, it may make sense for you to sign up for them.
  • Check your credit report. Do so regularly to see if a thief has attempted to open a new credit card or another account in your name. You’re entitled by law to a free credit report from each of the three major credit reporting agencies every 12 months. Visit annualcreditreport.com for more information.
  • Take action as soon as possible. If you see suspicious activity, contact the financial institution involved immediately. If your information was stolen in a data breach, let them know that, as well.
  • Secure your phone. If your phone doesn’t have a password, give it one. Although entering a password every time you use your phone is tedious, it provides a line of defense if your device is lost or stolen. Think about all the information a criminal could access with your unprotected phone.
  • Use only secure URLs. Reputable sites begin with https://. The “s” is key. This is especially important when entering credit card or other personal information. 
  • Implement high-quality security software. Install and use a software suite that includes malware and virus protection — and always keep it updated. Norton 360 with LifeLock is one such solution.
  • Back up your files and ensure their safety. Norton 360 with LifeLock Select offers 100 GB of backup for your PC in addition to its other security features. 
  • Wipe your hard drive. If you are recycling your old computer, make sure that you clear your hard drive prior to disposal. The same goes for your smartphones and tablets.
  • Avoid oversharing on social media. Never post anything pertaining to sensitive information, and adjust your settings to make your profiles private. While you’re at it, hold off sharing vacation pics on social media while you’re still on vacation. That tells everyone your house may be sitting empty, a perfect target for burglary.
  • Use an identity theft protection or credit monitoring service. The mess caused by a stolen identity could take months or even years to fix. Given the recent number of data breaches, it’s important to consider identity theft protection or a credit monitoring service. Norton Security now includes LifeLock identity theft protection, helping to protect your personal information in an age of data breaches.

What are companies doing about data breaches?

Many companies are tightening security measures and reassessing their procedures to better protect the consumer data they use and store.

Laws and regulations are in place that require companies to take specific steps in the event of a data breach or other security incident. Most states require companies to send data breach notifications to consumers when their personally identifiable information may have been compromised.

Still, you should never rely solely on others to keep your information secure. It’s always important to take preventative measures and keep an eye on your information.

Data breaches are likely here to stay, and the best defense against them is a good offense. Educate yourself and be diligent about monitoring your online life. There may be laws, policies, and procedures in place to help protect your information, but it still makes sense to stay engaged and alert even as you enjoy the convenience that a connected life delivers.

Try Norton 360 FREE 7-Day Trial* - Includes Norton Secure VPN

7 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.
*Terms Apply

Alison Grace Johansen
  • Alison Grace Johansen
  • Freelance writer
Alison Grace Johansen is a freelance writer who covers cybersecurity and consumer topics. Her background includes law, corporate governance, and publishing.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

Contents

    Want more?

    Follow us for all the latest news, tips and updates.