anavem.
Back to Glossary
D

Data Breach

A data breach is a security incident in which sensitive, confidential, or protected data is accessed, disclosed, or stolen without authorization.

What is a data breach?

A data breach occurs when information is exposed to unauthorized parties due to a security failure, misconfiguration, human error, or malicious attack. The compromised data may include personal information, credentials, financial records, intellectual property, or confidential business data. Data breaches can affect organizations of any size and may involve on-premises systems, cloud services, SaaS platforms, or third-party providers.

Why data breaches matter

Data breaches are critical incidents because they can:

  • Expose personal or sensitive customer data
  • Lead to identity theft, fraud, or account takeover
  • Cause regulatory penalties and legal liability
  • Damage brand reputation and customer trust
  • Result in financial losses and operational disruption

In regulated environments, a data breach often triggers mandatory disclosure and reporting obligations.

Common causes of data breaches

Data breaches typically result from one or more of the following:

1) Cyberattacks

  • Phishing and credential theft
  • Malware and ransomware infections
  • Exploited software vulnerabilities
  • Insider threats (malicious or compromised accounts)

2) Misconfigurations

  • Publicly exposed cloud storage
  • Over-permissive access controls
  • Insecure APIs or services

3) Human error

  • Sending data to the wrong recipient
  • Weak passwords or credential reuse
  • Lost or stolen devices without encryption

4) Third-party compromise

  • Breaches at vendors, MSPs, or SaaS providers
  • Supply chain and dependency attacks

Types of data exposed

A data breach may involve:

  • Personally identifiable information (PII)
  • Authentication credentials and tokens
  • Financial and payment data
  • Health or regulated data
  • Source code or intellectual property
  • Internal communications and documents

The impact depends heavily on data sensitivity and scope.

Data breach vs data leak

These terms are often confused:

  • Data breach: unauthorized access due to security failure or attack
  • Data leak: unintentional exposure, often due to misconfiguration

Both can have similar consequences, but breaches usually imply hostile access.

Detection and response

Organizations detect data breaches through:

  • Security monitoring and alerts (SIEM, EDR, XDR)
  • Anomalous access or data exfiltration patterns
  • Reports from users, partners, or researchers
  • Law enforcement or third-party notifications

Incident response typically includes containment, investigation, notification, remediation, and post-incident review.

Preventing data breaches

Effective prevention strategies include:

  • Strong identity security (MFA, least privilege)
  • Regular patching and vulnerability management
  • Encryption of data at rest and in transit
  • Monitoring and logging of access and data flows
  • Secure configuration of cloud and SaaS services
  • Employee security awareness training

No control is sufficient alone - defense in depth is required.

Common misconceptions

  • "Only large companies suffer data breaches"
  • "Encryption alone prevents breaches"
  • "Cloud providers are fully responsible for data security"
  • "If data wasn't published, there was no breach"

In many jurisdictions, unauthorized access alone qualifies as a data breach.