What Is a Data Breach? How to Prevent It and Best Practices

November 5, 2024
by Sagar Joshi

In the online realm, your personal and professional data can sometimes be the life of the party, even when you didn't send the invites!

A data breach could be intentional, where hackers break through your information security systems and controls by exploiting vulnerabilities. You can avoid this by covering the gaps in your security.

Conducting regular vulnerability scans, monitoring logs on security information and event management (SIEM) software to identify threat patterns, and penetration testing will help you bridge those gaps.

Let's delve into the intricacies of data breaches, their causes, significance, and effective handling strategies.

How do data breaches happen?

Many factors can combine to cause a data breach. These factors are as follows:

Password mismanagement

Some people may think, "What's the point of creating a password we can't remember when a simple 12345 can give us access?" If you share that line of thinking, you're partially right: it's not only easy for you to gain access but also for attackers who are on the lookout for ways into your data.

Weak or stolen passwords are probably the most common cause of data breaches. A password needs some originality and complexity rather than a simple common phrase, because such phrases can be cracked quickly by a program that checks them against a list of the most common passwords.

Remember, password authentication exists for a reason, not as one extra step where you type your name, 12345, or your birthdate to get it over with. That is why multi-factor authentication (MFA) is gaining popularity: it adds a protective layer around your assets even if the password itself is weak.

Also, the physical security of passwords or files is sometimes mismanaged. Writing passwords on a sticky note at your desk or keeping a plain notepad file listing your login credentials are a few examples of poor password management. Exposure of your login credentials can put you and your company at risk of a data breach.
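As an added illustration (not code from the original article), the check below is what a signup or password-change form should run before accepting a password: it rejects anything found in a common-password list, normalises the cheap variations that cracking tools try first (trailing digits, leetspeak), and refuses passwords built from the account's own name or username. The common-password list and the account attributes are constructed for the example; a real deployment would load a breached-password corpus.

```python
"""Added example (not from the original article): a password-acceptance check
that rejects the simple and common passwords the section describes before they
ever reach the password store.  The common-password list and the account
attributes used here are constructed for this example.
"""
import re
from typing import Dict, List, Optional

# Constructed stand-in for a real "most common passwords" list; a production
# system would load millions of entries from a breached-password corpus.
COMMON_PASSWORDS = {
    "123456", "12345", "password", "qwerty", "111111", "letmein",
    "iloveyou", "admin", "welcome", "abc123",
}

MIN_LENGTH = 12

# Leetspeak substitutions that cracking tools apply automatically, so the
# check undoes them before looking the password up in the common list.
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(password: str) -> str:
    """Lower-case, strip trailing digits/punctuation, undo leetspeak."""
    p = password.lower()
    p = re.sub(r"[\d!?.]+$", "", p)      # "Password2024!" -> "password"
    return p.translate(_LEET)            # "p@ssw0rd"      -> "password"


def check_password(password: str,
                   user_attributes: Optional[Dict[str, str]] = None) -> List[str]:
    """Return the reasons the password is rejected; an empty list means accepted."""
    reasons: List[str] = []
    user_attributes = user_attributes or {}

    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")

    if password.lower() in COMMON_PASSWORDS or normalise(password) in COMMON_PASSWORDS:
        reasons.append("appears in the common-password list")

    # Names, usernames and birthdates tied to the account are guessable.
    for field, value in user_attributes.items():
        if value and value.lower() in password.lower():
            reasons.append(f"contains the account's {field}")

    # "aaaaaaaaaaaa" or "121212121212" pass the length test but carry no entropy.
    if len(set(password)) < 4:
        reasons.append("too few distinct characters")

    return reasons
```

`check_password("P@ssw0rd2024!")` is the instructive case: it satisfies a naive length-and-symbols policy yet normalises to `password` and is rejected.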

Presence of vulnerabilities

Managing vulnerabilities in an IT infrastructure is crucial for protecting assets from cyber attacks. Even a minor security gap in an important system can cause a catastrophic impact if exploited in the right way. It's important to attempt to cover these gaps well before they pose a risk. 

Tip: Wondering how you would scan vulnerabilities in your IT assets? Check out the top vulnerability scanners on the market.

Occurrence of malware

Malware is a malicious software program deployed in a system or application with known vulnerabilities. It could be a program that tracks a user's activity, or ransomware that locks you out of your own systems and demands payment before you can access the data again.

Malware is a common factor in data breaches, as it comes in many forms and variants. It is difficult to detect because attackers modify the program to evade antivirus software. They deliver it into your system or application through phishing or with exploit toolkits.

Insider accidents and threats

An insider may accidentally expose data and report it to the relevant authorities, or a malicious insider may intentionally reveal data and information without authorization to do so, typically for personal gain.

Insider threats can come from disgruntled employees or those who have left the company on poor terms. They may try to leak sensitive information to benefit others or themselves, to the detriment of you and your company's reputation. Sometimes the motive is simply greed: the person wants to sell the data on the dark web for a price.

Tip: Data loss prevention (DLP) software can help you prevent willful or accidental data breaches caused due to insider threats.

Mishandling data-carrying hardware

Another common cause of a data breach is mishandled hardware, such as CDs, laptops, hard drives, and even printed materials. Here the attacker's aim is to steal the device itself in order to access the data or information stored on it.

Thefts like these are mostly opportunistic and, therefore, hard to predict. You need to manage your data-carrying devices with care and proper encryption so that even if they fall into the wrong hands, the data contained within them will be secure.


What should a company do after a data breach?

According to the Federal Trade Commission (FTC), you should have a response strategy in case of a data breach. Although the applicable strategy would be different depending on your industry or organization, the FTC has provided guidelines for handling a data breach.

Secure your assets 

The first step in your response should be to secure at-risk assets. This protects you from the possibility of multiple data breaches, which can be disastrous financially and damage your reputation.

The steps to secure your assets are:

  • Engage a team of forensic experts to conduct a thorough analysis of the incident.
  • Depending on your organization's structure, involve other teams such as legal and data security.
  • Change access credentials as soon as possible; if compromised credentials were the cause, your assets remain at risk until you do.
  • Don't turn off the affected system until the experts have analyzed it, but take it offline to prevent further data loss.
  • Monitor the attack surface closely and, if possible, put clean machines in place of the affected ones.
  • If you accidentally exposed your data on a website or social media, causing a breach, remove it.
  • Search for the compromised data online and ask any websites that have stored it to remove it.
  • Interview the teams who discovered the breach and anyone else who could have information about it.
  • Preserve the evidence while securing your assets and throughout the remediation process.

Remediate vulnerabilities

Once you have secured your assets, the next step is to fix the vulnerabilities that exposed them to cyberattacks. Conducting a vulnerability assessment, monitoring SIEM logs, and penetration testing will help you perform a thorough check of your security posture. 

Also, check the network segmentation to contain a security breach, evaluate its effectiveness, and make relevant modifications if necessary. While doing so, prepare a communication plan that conveys information regarding the breach to affected parties under local law and your contractual obligations. Anticipate questions that people might have and answer them clearly and concisely. 

Notify affected parties and legal authorities

In the third step, you must notify legal authorities and, in certain circumstances, any affected parties about the data breach. Check the federal and state laws that apply to your business. Whether to inform law enforcement depends on the kind of information compromised and the regulations that apply to it.

Disclaimer: These guidelines are based on the FTC's recommendations and do not constitute legal advice. If you have legal questions, consult a licensed attorney.

If a cybercriminal steals information such as clients’ bank account numbers or credit card details, you must inform the businesses that maintain such accounts to prevent misuse.

Consider the following attributes in deciding who to notify and how:

  • Laws of the state
  • Nature of the data breach
  • Type of information stolen
  • Potential damage from identity theft or misuse of the information

The FTC publishes detailed recommendations for notifying individuals about a data breach. The same document includes a model letter showing how the information should be conveyed.

How to prevent a data breach

You can prevent data breaches by building and maintaining the right security construct in your organization. It will help save your business from the hefty fines regulators impose for compromising customers' sensitive data or information.

$4.88 million is the global average cost of a data breach in 2024. (Source: IBM)

You can take the following security measures to build and maintain a robust security posture in your organization. 

Implement role-based access control

Add an extra layer of security over your applications using role-based access controls to protect your data from unwanted exposure. You can regulate access controls using user provisioning tools that allow you to keep track of users' access rights and enable you to easily create and manage users' access privileges.

Malicious hackers see employees as their primary key to penetrating an organization's infrastructure. Controlling employees' access rights helps protect your data from unauthorized access and avoids accidental or intentional exposure to outside parties.

Tip: Learn how to implement a user provisioning tool to regulate your employees' access rights in your company.
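The following is an added example, not code from the original article or from any particular provisioning product, of the role-based access control the section describes: roles bundle permissions, users are provisioned into roles, every check is deny-by-default, each decision is logged for later access reviews, and offboarding removes all roles at once. The roles, users and resource names are constructed for the example.

```python
"""Added example (not part of the original article): a minimal role-based
access control (RBAC) layer with provisioning, deny-by-default enforcement,
an audit trail and an access-review helper.  Roles, users and resources are
constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Permissions are "action:resource" strings; roles bundle them.  No ordinary
# staff role carries "export:customer_records", so nobody gets it by accident.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "support_agent": {"read:tickets", "write:tickets", "read:customer_profile"},
    "billing_clerk": {"read:invoices", "write:invoices", "read:customer_profile"},
    "security_admin": {"read:audit_log", "manage:users"},
}


@dataclass
class AccessControl:
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)
    audit_log: List[Tuple[str, str, bool]] = field(default_factory=list)

    # --- provisioning: what a user provisioning tool automates ---
    def grant_role(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")   # no ad-hoc roles
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def deprovision(self, user: str) -> None:
        """Offboarding: a leaver keeps nothing."""
        self.user_roles.pop(user, None)

    # --- enforcement ---
    def permissions_of(self, user: str) -> Set[str]:
        perms: Set[str] = set()
        for role in self.user_roles.get(user, ()):
            perms |= ROLE_PERMISSIONS[role]
        return perms

    def is_allowed(self, user: str, action: str, resource: str) -> bool:
        """Deny by default: an unknown user or a missing permission is a refusal."""
        permission = f"{action}:{resource}"
        allowed = permission in self.permissions_of(user)
        self.audit_log.append((user, permission, allowed))   # every decision is recorded
        return allowed

    def users_with_permission(self, permission: str) -> List[str]:
        """Access-review helper: who can currently do this?"""
        return sorted(u for u in self.user_roles if permission in self.permissions_of(u))


def demo() -> Dict[str, bool]:
    """Walk through provisioning, checks and offboarding with constructed users."""
    ac = AccessControl()
    ac.grant_role("alice", "support_agent")
    ac.grant_role("bob", "billing_clerk")
    ac.grant_role("carol", "security_admin")
    results = {
        "alice_reads_ticket": ac.is_allowed("alice", "read", "tickets"),
        "alice_writes_invoice": ac.is_allowed("alice", "write", "invoices"),
        "bob_reads_profile": ac.is_allowed("bob", "read", "customer_profile"),
        "nobody_exports": ac.is_allowed("carol", "export", "customer_records"),
        "unknown_user": ac.is_allowed("mallory", "read", "tickets"),
    }
    ac.deprovision("bob")
    results["bob_after_offboarding"] = ac.is_allowed("bob", "read", "invoices")
    return results
```

The audit log is the piece reviewers ask for: `users_with_permission("read:customer_profile")` answers the periodic "who can see customer data?" question directly from the role assignments rather than from memory.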

Onboard a cybersecurity specialist

Onboarding a cybersecurity specialist is a rewarding investment when you think about its long-term return on investment (ROI). Cybersecurity specialists educate your employees about the best practices they should follow based on their experience with past security breaches.

They'll update your staff on evolving cybercrime techniques, making your team aware of the different attack vectors that could threaten your organization's security posture. They train your staff to recognize danger, locate shadow IT, and keep up with evolving black-hat techniques.

Monitor your IT infrastructure

A few hours of downtime can seriously impact your company's revenue. You have to be proactive and resolve incidents as soon as they appear. Monitoring your IT infrastructure constantly is advisable so that you address security issues or incidents before they turn into downtime.

Tip: Use remote monitoring and management software to access your IT infrastructure remotely.

Monitoring activities across all endpoints continually will help you protect your IT assets from potential threats and security breaches, enabling you to maintain security.
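The article mentions monitoring SIEM logs to identify threat patterns (in the introduction and again under remediation) and here, continuous monitoring of endpoints. As an added example, not code from the original article or from any SIEM product, the rule below streams authentication log lines once and raises an alert when one source produces a burst of failed logins, then a higher-priority alert if that same source subsequently succeeds. The log lines are constructed in an OpenSSH-like format; the addresses come from the 203.0.113.0/24 documentation range, and the threshold and window are assumptions to tune per environment.

```python
"""Added example (not from the original article): a small SIEM-style detection
rule over authentication logs.  It flags a burst of failed logins from one
source within a time window, and a success from that source after the burst.
Log lines are constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional

# Constructed sample log: five failures then a success from 203.0.113.7,
# and one ordinary mistyped password from 203.0.113.9.
LOG_LINES = """\
2024-11-05T09:00:01Z sshd[1201]: Failed password for alice from 203.0.113.7 port 51234 ssh2
2024-11-05T09:00:03Z sshd[1202]: Failed password for alice from 203.0.113.7 port 51235 ssh2
2024-11-05T09:00:04Z sshd[1203]: Failed password for bob from 203.0.113.7 port 51236 ssh2
2024-11-05T09:00:06Z sshd[1204]: Failed password for admin from 203.0.113.7 port 51237 ssh2
2024-11-05T09:00:08Z sshd[1205]: Failed password for admin from 203.0.113.7 port 51238 ssh2
2024-11-05T09:00:09Z sshd[1206]: Accepted password for admin from 203.0.113.7 port 51239 ssh2
2024-11-05T09:05:00Z sshd[1210]: Failed password for carol from 203.0.113.9 port 40001 ssh2
2024-11-05T09:05:20Z sshd[1211]: Accepted password for carol from 203.0.113.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

FAIL_THRESHOLD = 5                 # assumption: failures ...
WINDOW = timedelta(seconds=60)     # ... within this window from one source


def parse(line: str) -> Optional[dict]:
    """Turn one log line into an event dict, or None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "ok": m["result"] == "Accepted",
        "user": m["user"],
        "ip": m["ip"],
    }


def detect(log_text: str) -> List[Dict[str, str]]:
    """Single pass over the log with a sliding window of failures per source."""
    recent_failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged_sources = set()
    alerts: List[Dict[str, str]] = []

    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        window = recent_failures[ev["ip"]]
        while window and ev["ts"] - window[0] > WINDOW:
            window.popleft()                       # expire failures outside the window

        if not ev["ok"]:
            window.append(ev["ts"])
            if len(window) >= FAIL_THRESHOLD and ev["ip"] not in flagged_sources:
                flagged_sources.add(ev["ip"])      # alert once per source, not per line
                alerts.append({"rule": "brute_force_burst", "ip": ev["ip"],
                               "at": ev["ts"].isoformat(), "failures": str(len(window))})
        elif ev["ip"] in flagged_sources:
            # A success right after a burst is the event that needs a human now.
            alerts.append({"rule": "success_after_burst", "ip": ev["ip"],
                           "user": ev["user"], "at": ev["ts"].isoformat()})
    return alerts
```

Run against the sample, `detect(LOG_LINES)` produces two alerts for 203.0.113.7 and none for 203.0.113.9; the deque per source keeps memory bounded by the window rather than by the log size.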

Secure all endpoints

Leverage edge protection and secure all endpoints in your IT infrastructure to prevent accidental security breaches. This covers all your servers, systems, applications, IoT devices, and other assets in the environment.

Edge protection lets you restrict access to unsecured web pages and block harmful emails with firewalls, web filters, and spam filters. Even if a malicious entity slips through, endpoint protection software will disable it immediately.

Evaluate third-party vendors

Make sure you onboard third-party vendors that match your cybersecurity standards. Onboarding a vendor without evaluating the risk they may introduce into your security construct can be very costly. While onboarding a new vendor, ensure that you have evaluated the security of the vendor solution.

Although this wouldn't prevent a third-party data breach, it would hold the vendor accountable if their security posture changes and remediation is negligent. You can consider having predetermined service-level agreements (SLAs) to keep cybersecurity risk management in check while delivering the desired outcomes. 

Consistent monitoring of your vendors for security risks would be rewarding compared to conducting one-time audits and questionnaires. It'll give you a complete overview of your vendor's security posture.

Maintain a backup of your data

If the unfortunate event of a data breach occurs, having a backup of the data helps you restore a clean system, get it up and running, and recover the lost data. You can work with IT specialists to implement an automated data backup solution in your organization.

When a data breach occurs, you'll be assured that a backup is ready for you to restore and prevent further downtime that could undermine your business's reputation and finances. 
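A backup you have never restored is only a hope, so the added example below (not code from the original article or from any backup product) does the part of an automated backup that is most often skipped: it archives a directory, records a SHA-256 manifest beside the archive, and proves the archive restores cleanly by extracting it into a scratch directory and comparing every file against the manifest. The files and directories are created in a temporary location for the example, including a deliberately altered archive to show what a failed verification reports.

```python
"""Added example (not part of the original article): automated backup with a
SHA-256 manifest and a restore test.  All data is constructed in a temporary
directory for this example.
"""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every regular file under root."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(src: Path, backup_dir: Path, label: str) -> Path:
    """Write <label>.tar.gz plus <label>.manifest.json next to it."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    archive = backup_dir / f"{label}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    manifest_path = backup_dir / f"{label}.manifest.json"
    manifest_path.write_text(json.dumps(build_manifest(src), indent=2))
    return archive


def verify_backup(archive: Path) -> Dict[str, List[str]]:
    """Restore into a scratch directory and diff it against the stored manifest."""
    manifest_path = archive.with_name(archive.name.replace(".tar.gz", ".manifest.json"))
    manifest = json.loads(manifest_path.read_text())
    # The "data" extraction filter (Python 3.12, backported to 3.8.17+) refuses
    # absolute paths and ".." members in the archive; fall back if unavailable.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(scratch, **extract_kwargs)
        restored = build_manifest(Path(scratch))
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "unexpected": sorted(set(restored) - set(manifest)),
        "corrupted": sorted(k for k in manifest
                            if k in restored and manifest[k] != restored[k]),
    }


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Constructed data: a clean backup verifies; an altered archive is caught."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.csv").write_text("id,name\n1,alice\n")
        (src / "config.ini").write_text("[app]\nmode=prod\n")
        archive = make_backup(src, Path(tmp) / "backups", "nightly")
        clean = verify_backup(archive)

        # Simulate a damaged archive: rewrite it with one file changed while
        # the manifest written at backup time stays as it was.
        (src / "db" / "customers.csv").write_text("id,name\n1,mallory\n")
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(src, arcname=".")
        tampered = verify_backup(archive)
    return {"clean": clean, "tampered": tampered}
```

Scheduling `make_backup` nightly and `verify_backup` on every archive is what turns the section's advice into something you can rely on during an incident: a corrupted or incomplete archive is discovered on the day it is written, not on the day you need it.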

Data breach examples

Even after maintaining a cybersecurity program in the organization, specific gaps in the security construct expose the organization to threats due to technical issues or sheer negligence. As a result, data breaches have occurred and caused significant damage to the involved businesses. Let's look at a few of the biggest data breaches and learn from them to avoid falling victim to the same black-hat techniques.

Adobe

In October 2013, Adobe suffered a data breach that compromised the personal and bank details of at least 38 million users. Based on a settlement reached in August 2015, the company was required to pay $1.1 million in legal fees and a substantial amount to a user whose information was compromised, as it violated the Customer Record Act. 

Adobe spokesperson Heather Edell said, "The company has just completed a campaign to contact active users whose user IDs with valid, encrypted password information were stolen, urging those users to reset their passwords." She said Adobe had no indication of any unauthorized activity on any Adobe ID involved in the incident.

The company claimed that "their investigation confirmed that hackers gained access to Adobe IDs of around 38 million active users with the encrypted passwords." These users were notified through emails to reset their compromised passwords.

eBay

In May 2014, eBay reported that a list of 145 million users had been compromised. The information included names, encrypted passwords, addresses, phone numbers, and dates of birth. The attackers used the credentials of three employees to gain access to its network, where their unauthorized access went unnoticed for 229 days, during which they could have compromised the user database.

eBay notified its customers to change their passwords. Financial information such as credit card numbers and other details were not compromised in the breach. Customers criticized the company for its lack of communication with them and poor implementation of the password-renewal process.

Adult Friend Finder

In October 2016, Adult Friend Finder suffered a data breach in which records of around 412.2 million users were stolen. These records contained sensitive information, as it was a dating website. User accounts were protected only by the weak SHA-1 hashing algorithm. Over 99% of these passwords were estimated to have been cracked before leakedsource.com published its data analysis on November 14, 2016.
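Why plain SHA-1 left those accounts exposed is easier to see in code. The added example below (not from the original article and not Adult Friend Finder's code) contrasts the weak scheme with a salted, deliberately slow key-derivation function from Python's standard library, PBKDF2-HMAC-SHA256, and shows how a site can migrate legacy hashes transparently the next time each user logs in. The user records are constructed; the iteration count follows current OWASP guidance and is an assumption to tune per server.

```python
"""Added example (not from the original article): unsalted SHA-1 password
storage versus salted PBKDF2-HMAC-SHA256, with migration of legacy records on
successful login.  User records here are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumption for this example: OWASP's 2023 recommendation for PBKDF2-SHA256.
PBKDF2_ITERATIONS = 600_000
PREFIX = "pbkdf2_sha256$"


def legacy_sha1(password: str) -> str:
    """The weak scheme: deterministic, unsalted and fast, so one precomputed
    table works against every user, and equal passwords give equal digests."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Strong scheme: per-user random salt plus a slow KDF, stored as one string."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PREFIX}{PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Constant-time comparison for both the new and the legacy record format."""
    if stored.startswith(PREFIX):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex)
    # Legacy SHA-1 record: still verifiable so existing users can log in once
    # more and be upgraded; never keep the legacy hash after that.
    return hmac.compare_digest(legacy_sha1(password), stored)


def login_and_migrate(users: Dict[str, str], username: str, password: str) -> bool:
    """Authenticate; on success against a legacy record, rehash with PBKDF2."""
    stored = users.get(username)
    if stored is None or not verify_password(password, stored):
        return False
    if not stored.startswith(PREFIX):
        users[username] = hash_password(password)   # plaintext is in hand only now
    return True


def same_password_same_digest() -> Dict[str, bool]:
    """Two users who chose the same password: SHA-1 makes that fact visible in
    the database; the salted KDF does not."""
    sha1_a, sha1_b = legacy_sha1("summer2016"), legacy_sha1("summer2016")
    kdf_a, kdf_b = hash_password("summer2016"), hash_password("summer2016")
    return {"sha1_equal": sha1_a == sha1_b, "pbkdf2_equal": kdf_a == kdf_b}
```

The migration step is the practical point: a site that discovers it is storing SHA-1 cannot rehash without the plaintext, so it wraps verification as above and upgrades each record at the user's next login, then forces a reset for accounts that have not logged in by a deadline.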

Based on the reports, a researcher known as 1x0123 on Twitter and as Revolver in other circles posted screenshots of a Local File Inclusion (LFI) vulnerability in a module of the protection servers used by Adult Friend Finder, which was being exploited.

Equifax

On September 7, 2017, one of the United States' largest credit bureaus suffered a data breach that exposed about 147.9 million customers. The Equifax data breach was caused by an application vulnerability on one of their websites. In the breach, personally identifiable information (PII) such as social security numbers, birth dates, addresses, and driver's license numbers of 143 million users was compromised, and credit card information of 209,000 consumers was also exposed. The number increased to 147.9 million in October 2017.

During the breach, inadequate system segmentation made lateral movement easy for the attackers.

Canva

In May 2019, Canva suffered a cyber attack that compromised the usernames, email addresses, names, cities, and hashed passwords of 137 million users. The user data was accessible to the hackers, who managed to view files with partial credit card data. They weren't able to steal this information. 

It was reported that the hackers were called Gnosticplayers. ZDNet contacted them to boast about the incident. Canva detected the attack and closed the breached server.

The company confirmed the incident and notified users, prompting them to change passwords and reset access tokens. Later, Canva confirmed that approximately 4 million Canva accounts containing stolen user passwords were decrypted and shared online.

LinkedIn

In 2021, a massive data breach compromised LinkedIn's user database. Hackers exploited a loophole in LinkedIn's API to access and steal information from nearly 700 million users, about 93% of its user base. This exposed sensitive data such as full names, contact information, and social media details.

The stolen data was then sold on the dark web, raising concerns about the potential for identity theft and other malicious activities. While LinkedIn claimed no private data was breached, the exposed information still posed serious security risks.

The incident prompted warnings from cybersecurity experts and government agencies, advising users to be vigilant against phishing scams and other online threats.

Make your information security unbreachable

Start taking the right precautions by building and maintaining a robust security framework in your organization and protecting your assets from data breaches.

Check out the best antivirus software to fortify your assets against potential cyber-attacks.

This article was originally published in 2023. It has been updated with new information.

Sagar Joshi

Sagar Joshi is a former content marketing specialist at G2 in India. He is an engineer with a keen interest in data analytics and cybersecurity. He writes about topics related to them. You can find him reading books, learning a new language, or playing pool in his free time.