What is a data breach?
A data breach is the release of confidential, private, or otherwise sensitive information into an unsecured environment. A data breach can occur accidentally, or as the result of a deliberate attack.
Millions of people are affected by data breaches every year, and they can range in scope from a doctor accidentally looking at the wrong patient’s chart, to a team of elite agents cracking government computers to uncover military secrets.
Data breaches are a major concern for cyber-security because sensitive data is constantly being transmitted over the Internet. This continuous transfer of information makes it possible for attackers in any location to attempt data breaches on almost any person or business they choose.
What are some common examples of a data breach?
- Lost or stolen credentials - The simplest way to view private data online is by using someone else’s login credentials to sign into a service. To that end, attackers employ a litany of strategies to get their hands on people’s logins and passwords. These include brute force attacks and on-path attacks.
- Social engineering attacks - Social engineering involves using psychological manipulation to trick people into handing over sensitive information. For example, an attacker may pose as an IRS agent and call victims on the phone in an attempt to convince them to share their bank account information.
- Insider Threats - These involve people who have access to protected information deliberately exposing that data, often for personal gain. Examples include a restaurant server copying customers’ credit card numbers as well as high-level government employees selling secrets to foreign states.
- Attacks on large companies - Major corporations are prime targets for attackers attempting to cause data breaches because they offer such a large payload. This payload can include millions of users’ personal and/or financial information, such as login credentials and credit card numbers. This data can all be resold on the black market.
- Physical point-of-sale attacks - These attacks target credit and debit card information and most often involve the devices that scan and read these cards. For example someone could set up a fake ATM machine or even install a scanner onto a legitimate ATM machine in hopes of gathering card and pin numbers.
- Credential fraud - After someone’s login credentials are exposed, an attacker may try re-using those same credentials on dozens of other platforms. If that user logs in with the same username and password on multiple services, the attacker may gain access to the victim’s email, social media, and/or online banking accounts.
What does a real-world data breach look like?
One of the most notorious data breaches in recent years was the cyber-attack launched against Target in 2013. This attack is still widely discussed because the combination of strategies used to pull it off was so sophisticated. It involved a social engineering attack, the hijacking of a third-party vendor, and an large-scale attack on physical point-of-sale devices.
The attack was initiated with a phishing scam that went after employees of an air-conditioning company that Target was contracting with to provide air conditioning units to cool their stores. These air conditioners were linked to computers on Target’s network to monitor energy usage, and the attackers hacked the air-conditioning company’s software to gain access to the Target system. Eventually the attackers were able to reprogram credit-card scanners in Target stores to provide attackers with customer credit card data. These scanners were not connected to the internet, but were programmed to periodically dump saved credit card data into an access point monitored by the attackers. The attack was overwhelmingly successful and led to an estimated 110 million target customers having their data compromised.
How can data breaches be prevented?
Since data breaches come in so many forms, there is no single solution to stop data breaches and a holistic approach is required. Many types of data breaches can be avoided with a common sense approach to data security. Practices such as not using credit cards with suspicious vendors and choosing long, unique passwords for online services will stop some of the easiest and most common data breach attacks. Keeping software up to date with security patches and using security software such as antivirus and malware blockers will also help mitigate data breaches.
Employers can help combat data breaches by ensuring that their employees only have the minimum amount of access and permissions necessary to do their jobs. It is also a good idea for a company to prepare a response plan to be executed in the case of a data breach, with a goal of minimizing or containing the leak of information.
Business should also encrypt their websites using SSL/TLS encryption to protect their customers’ data. In addition, a WAF can protect a business from several types of application attacks that aim to create data breaches. In fact, it’s speculated that a properly-configured WAF would have prevented the major data breach attack on Equifax in 2017.