Data breaches in corporates and takeaways

Arunkumar Krishnan
Published in pensieve.in, Feb 3, 2021

What is a data breach?

A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual not authorized to do so. Anyone can be at risk of a data breach, from an individual to a corporation or government.
How critical is a data breach? For a hospital, patient medical data is the asset; for a bank, customer information such as SSN/Aadhaar or credit card numbers is very important. A data breach that puts this information in the wrong hands will easily put these organizations out of business. It will also impact the ordinary citizens whose data is compromised.

What is the cost of a data breach?

A data breach can be quite costly to any organization, be it small or large. The loss to the business may be material or reputational. The average cost of a data breach in 2020 is $3.86 million, according to a new report from IBM and the Ponemon Institute. The report shows a 1.5% decrease in costs from 2019 but still a 10% rise over the last five years. This figure combines direct and indirect costs: the time and effort spent dealing with a breach, lost opportunities such as customer churn resulting from bad publicity, and regulatory fines.

How does a data breach occur?

Data breaches often occur when an unauthorized user (adversary) gains access to sensitive data. This can be achieved through physical access or by bypassing security controls remotely. Breach methods often observed include:

  • Malware attacks
  • Insider leak
  • Unintended disclosure
  • Third-party vendor breaches
  • Loss or theft
  • Spyware
  • Phishing, etc.

Major data breaches in corporates:

Data breaches typically compromise a company’s most sensitive records. The majority of reported breaches are either hacking cases or unauthorized access to data within the organization. More than 75 percent of all data breaches fall into these categories. Listed below are a few major data breaches:

  • Yahoo announced in 2014 that the account information of at least 500 million users was stolen by what was believed to be a “state-sponsored actor”, including names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions.
  • Equifax reported a potential data breach in 2017 impacting the personal information of approximately 147 million people.
  • In 2019, Facebook had 540 million user records exposed on the Amazon cloud server.
  • Marriott International announced in 2018 that hackers had stolen data from approximately 500 million Starwood hotel customers.
  • In June of 2018, Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million records on a publicly accessible server.
  • Social media giant Twitter notified 330 million users in 2018 of a glitch that stored passwords unmasked in an internal log, making all user passwords accessible to the internal network.

The full list of data breaches is much longer and grows every year. As a matter of fact, every major data breach reported also leads to a lawsuit against the organization and a humongous settlement.

Statistics on data breaches:

Having covered the definition, causes and examples of data breaches, let us now look at some statistics on these incidents. The chart below captures the distribution across industries in terms of financial loss.

How do we prevent data breaches in the future?

Data breaches cannot be fully eradicated, but we can reduce the impact by following the government’s regulatory laws. These data regulatory laws were enacted to escalate breaches of consumer databases containing personally identifiable information. Examples of a few regulatory laws are

Apart from following the laws, organizations have to implement the required security measures, educate, and have a contingency plan in case of such a situation.

Finally, anything and everything starts with the individual, so it is always our responsibility to be cautious when using unsecured data or opening any unwanted emails/links.
