Data breaches, data leakages, and data loss: understanding cyber threats

There are a number of ways information ends up in the hands of cybercriminals, and understanding the relationship between data breaches and data leakages helps clarify these methods.

Data leakage occurs when sensitive information is accidentally exposed, leading to data theft or loss. A notable example is the case with Facebook in 2019, where a data leak exposed over 540 million records, including account names and IDs, on a publicly accessible server. This was not due to a hacker but rather an internal misconfiguration that left the data exposed.

A breach happens when hackers deliberately steal private information by attacking a website or app. For example, the Equifax breach in 2017 saw hackers steal the personal data of 147 million people, including social security numbers, birth dates, and addresses. This breach was due to a vulnerability in Equifax’s software, which the hackers exploited.

Data loss refers to the unintended destruction or deletion of information. This can happen due to various reasons, such as system failures, human error, or cyberattacks. For instance, the 2017 Amazon Web Services (AWS) outage led to a huge loss of data for several businesses relying on their cloud services. Unlike data leakage or breaches, data loss may not always involve unauthorized access but still poses severe consequences for organizations, including operational disruptions and financial setbacks.

The difference

The main difference between data leakage and a breach is how they occur. Data leakage typically results from internal mistakes or weak security practices, whereas a breach is the result of external hackers attacking to steal information.

What's a data breach?

Data breaches occur when hackers gain unauthorized access to sensitive data, often by attacking a website or app. These incidents can arise from cybersecurity mishaps, whether intentional or accidental, that expose personal data and leave individuals vulnerable to harm. Data breaches can be seen as both data leakages and breaches because they can result from internal vulnerabilities, like poor security practices leading to leakage or direct external attacks. Both scenarios can have serious consequences, including identity theft and financial loss.

Real-life examples

Data leakage: In 2018, a data leak at the United States Postal Service (USPS) exposed the data of 60 million users. The leak was due to an authentication weakness in the USPS Informed Delivery service, allowing unauthorized access to user data.

Breach: The Yahoo data breaches of 2013 and 2014 are prime examples of breaches. Hackers stole data from over 3 billion accounts, including email addresses, dates of birth, and security questions and answers. These breaches were the result of sophisticated, coordinated attacks by external hackers.

Data loss: The 2017 Amazon Web Services (AWS) outage led to significant data loss for several businesses relying on their cloud services. This incident highlights the importance of robust data backup and recovery strategies.

Data leakage, breaches, and data loss can be costly, potentially resulting in the loss of careers, reputations, or even life savings for those involved. These attempts aren’t limited to individuals, groups, companies, or even governments. It is a raging problem, and its instances are increasing drastically.

Most data breaches occur due to human error, poor passwords, carelessness, and simple mistakes. Additionally, phishing, malware, and strategic hacking attempts can steal information from businesses and individuals. To combat this, business owners need sustainable response plans, robust security protocols, and detailed information about potential breaches. We also recommend using professional cybersecurity tools like Guardio to enhance current security measures. These simple steps will help protect against unauthorized access.