Skip to content

Unpacking a Data Breach - How it Works

Posted on by Dawna M. Roberts in SecurityDecember 16, 2020
https://content.infopay.net/storage/thumbnails/TAQ1s6UCKNq9GyK3dFsccpyGeouGMPKaB7uhCXHJ.jpg

By now, we've heard of so many data breaches we don't even listen to the details. However, any data breach you are involved in could potentially mean devastation for your life if you become the victim of identity theft or fraud. Let's take a close look at what a data breach is, how it happens, and how you can protect yourself.

What is a Data Breach?

A data breach is when an unauthorized person (hacker, employee, or another individual) accesses private, sensitive information without permission. They may steal the data and release it to the public or hold it for ransom. Typically, a data breach is perpetrated electronically by the person or group, bypassing security measures and accessing private or corporate servers, computers, or other data storage devices. How is it done?

Typically, before a data breach, the hackers or cybercriminal gang researces the entity and performs some tests to find weaknesses in their infrastructure. Once they examine the entire network for vulnerabilities, they devise a plan to infiltrate. Sometimes this involved a phishing campaign or brute force attack on the system. The criminal may decide the best approach is to use a social engineering tactic on social media, texting, or other ways to get an employee to take the bait. 

Once the hacker gains entry, they often exfiltrate the data (copy it all over to their own servers). Sometimes, they encrypt the files so the owner cannot access them, and the hacker demands a ransom. If they do that, they often threaten to release sensitive data online if they don't pay up. Sometimes they simply steal it and auction it off to the highest bidder online. Information stolen in data breaches (especially account logins) can be very lucrative for cybercriminals. 

How Does a Data Breach Occur?

Data breaches occur in a variety of ways. However, statistics show that a large number of them happened because of phishing emails. The hacker sends a convincing email to an employee at the company, who then either click on a malicious link that infects their computer with malware or provides personal details that allow the perpetrator to gain access to the network. Malware and ransomware are the most common vehicles for data breaches. 

Some other data breaches occur because employees actually copy and steal personal data from the company where they work. They may be planning on selling the data, or they may just have been snooping. 

Other reasons they occur are:

  • Insecure systems.
  • Weak passwords.
  • Out-of-date software and vulnerabilities (weak spots exploited by hackers).
  • Malware is installed on a device connected to the network.
  • Credential stuffing where the threat actor tries known username/password combos on other sites and gets lucky logging in with the company.
  • Lost or stolen devices connected to the company servers.

The Largest Data Breaches to Date

It seems like every new data breach is claimed to be the largest yet, but the truth is they are all huge and damaging to millions of people. Here is a list updated this past November for the largest data breaches so far.

  • Cam4 - March 2020 - 10.88 billion records.
  • Yahoo - 2017 - 3 billion accounts.
  • First American Financial Corp. - May 2019 - 855 people.
  • Facebook - April 2019 - 540 million users.
  • Yahoo - 2014 - 500 million accounts.
  • Marriott/Starwood - November 2018 - 500 million guests.
  • AdultFriendFinder - October 2016 - 412.2 million accounts.
  • MySpace - June 2013 - 360 million users.
  • Exactis - June 2018 - 340 million people.
  • Twitter - May 2018 - 330 million users.
  • LinkedIn - June 2012 - 165 million users.
  • Adobe - October 2013 - 152 million people. 

What Happens After a Data Breach?

Depending on the data stolen dictates what happens next. Often scammers target credentials (logins). These can be used for various other crimes later like phishing emails, fraud, credential stuffing, and more. If payment card details are stolen, the hackers may try to use the cards to make purchases. If bank account data is taken, they may drain your funds. 

The problem is if they get a lot of personal data on a large number of people, they can use it for identity theft or sell it on the dark web, where even more criminals will have access to it. Even if you are the victim of one crime, you aren't safe due to your information being readily available online. Another hacker may use it to wage another campaign against you.

How to Protect Yourself After a Data Breach

With all that bad news, there is a ray of hope. There are steps you can take to stay safer from identity theft and fraud.

  • Keep all devices and software up to date.
  • Use very strong passwords.
  • Turn on data encryption.
  • Turn on multi-factor authentication.
  • Never click links in an email.
  • Sign up for credit monitoring.
  • Review all accounts carefully every month, looking for suspicious activity. 
  • Never give out personal information unless you have to. 
About the Author
InfotracerLogo

Related Articles

News Article

How to Detect “Fake News” Stories: Complete Guide to Fact-Checking

The last few years have brought many changes to the world, and one of the most sinister are fake news sto... Read More

News Article

How to Protect Yourself from Work-From-Home Scams

The idea of working from home sounds like a dream come true to many Americans. Some work-from-home jobs a... Read More

News Article

How Does Facebook People Search Work?

Social media platforms are great for finding long lost friends or family in far-flung places, but how the... Read More

News Article

What is a Social Engineering Attack? Techniques & Prevention Tips

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining a... Read More

News Article

What Are The Most Common Passwords?

In order to choose a good, safe password, it’s important to know why a strong password is important: it... Read More

Uncover Hidden Information About Anyone: