Data Breach 101

The definition of a data breach is “an incident in which sensitive, protected, or confidential data has potentially been viewed, stolen, or used by an individual unauthorized to do so. Data breaches may involve payment card information (PCI), personal health information (PHI), personally identifiable information (PII), trade secrets, or intellectual property.”

The concept that most are familiar with regarding data breach is hackers plugging into a corporate network to steal sensitive data. More often than not, the reality is less dramatic. Data breach occurs in the simplest instance, like when an employee draws up the record of a patient in a hospital system and someone unauthorized looks over and read over his or her shoulder — that already constitutes as data breach.

There are government compliance regulations and industry guidelines in place to avoid data breaches of personal and sensitive data. For instance, the Payment Card Industry Data Security Standard (PCIDSS) dictates who can handle data such as PINs, credit card numbers and banking account numbers, within a corporate environment. The Health Insurance Portability and Accountability Act (HIPAA) conditions access to personal data such as name, date of birth, social security number, and health history. If an unauthorized person were to view or have access to this data, the corporation entrusted with this information could be said to have suffered a data breach. The offending organization may face serious prosecution if the data breach results in identity theft or violation of government compliance mandates.

As businesses become more and more reliant on digital data, workforce mobility and cloud computing, data breaches have attracted widespread attention. As easily as sensitive information is stored and shared, it is also risking easy breach, even on restricted networks.

Data breaches have not just began just as digital data storage became essential for companies; it has existed as long as information has been recorded and stored. It increased in frequency in the 1980s, 1990s and 2000s, along with public awareness of its dangers. Some regulations prove to be useful in some measure, providing framework for the safeguarding, storage and practices in handling sensitive data. However, the rules do not exist in all industries, nor do they really prevent breaches from occurring. A single data breach attack on one organization is able to impact hundreds of thousands – sometimes millions – of individual records and consumers.

A chronology of data and security breaches has been maintained by the Privacy Rights Clearinghouse, reporting of the impact on consumers, dating back to 2005. The compromised information would “include data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver’s license numbers.” For balance, breaches that do not compromise sensitive data are also recorded. But the data breaches consist of those reported in just the United States, and no other country.

Most of the major data breaches have occurred in 2005 and beyond. The fact of the matter is the world’s volume of data has grown so much over time, and that gives criminals a bigger chance of exposing gargantuan amounts of data in a single breach. In 2005, 157 data breaches were reported, with 66.9 million records exposed, in the U.S. In 2014, 783 data breaches were reported, with 85.61 million records exposed. This proves an increase of almost 500 percent over 2005.

Data breach defense and prevention has also progressed extensively along with the ever increasing threats to security. They offer greater protection and preventive approach in terms of data security, with some offering tips and additional information on its advancement and risks.

Thus, it can be established that data security should not be taken lightly and organizations should be more aware of how to effectively prevent breaches from occurring, seeing as how much potential damage could occur and put the companies and their livelihoods at risk.