What Is a Data Breach?

Quick Answer

A data breach occurs when information is accessed, stolen or used without the owner’s knowledge. Here’s how data breaches happen, how to protect yourself and what to do if your information is compromised.

What Is a Data Breach? article image.

A data breach happens when information is accessed, stolen or used without the owner's knowledge. It's a growing issue too: The overall number of data compromises spiked more than 68% in 2021, according to the Identity Theft Resource Center (ITRC).

Here's how data breaches happen, how to protect yourself and what to do if your information is compromised.

What Is a Data Breach?

Companies large and small, across all industries, are susceptible to data breaches. If you're victimized, it could put confidential information in the wrong hands. That may include your:

This data is valuable to business competitors, as well as thieves who buy and sell personal information on the dark web.

How Do Data Breaches Happen?

A data breach can happen in many different ways. A recent Experian report found that third parties in the supply chain were the cause of 50% of reported breaches. Data breaches can also be caused by:

  • Accidental leaks: An employee could unknowingly share sensitive information with an unauthorized user. An accidental web exposure can be equally serious. This happens when confidential information stored on a company server or device is exposed to the internet without security measures in place to ensure it can't be accessed.
  • Stolen hardware: If a dishonest employee or third-party vendor gets ahold of sensitive hardware, it could spell trouble for the business and consumers. That can include computers, hard drives, flash drives and other devices containing confidential data.
  • Phishing: This is when a fraudster tries to get someone to divulge sensitive information. It's usually through an unsolicited email or text where they pose as a company and request that you share personal information.
  • Online scams: Look out for websites that contain spelling errors, surprisingly low prices or pushy sales tactics pressuring you to act fast—they're all red flags that you could be dealing with a fraudulent website.
  • Romantic scams: Social media makes it easy to connect with someone who seems great, but is actually a scam artist. If they're asking for money, bank account information or other financial help, proceed with caution.
  • Malware: Hackers can use malicious software to extract sensitive data. It includes ransomware, which is when criminals take over an organization's computer network and demand a ransom to restore it. In 2021, a business was hit by a ransomware attack every 11 seconds, according to Experian data.

Data Breach Regulations

The Cybersecurity & Infrastructure Security Agency that operates within the Department of Homeland Security recommends that all organizations take the following action:

  • Reduce the odds of damaging cyber intrusions
  • Take steps to quickly detect potential intrusions
  • Ensure the organization is prepared to respond to potential intrusions
  • Maximize resilience to cyberattacks

There are also state laws that further regulate data breach reporting. New York state, for example, requires businesses that own or license computerized private information to notify residents if their personal information is compromised.

How to Avoid Being a Victim of a Data Breach

While corporate data leaks may be out of your hands, consumers can take the following steps to protect themselves from identity theft:

  • Use strong passwords and multifactor authentication.
  • Never share sensitive information with others. That includes your Social Security number, account passwords and more.
  • Don't use public Wi-Fi for banking, online shopping or other sensitive activities.
  • Be critical of texts, emails and phone calls requesting that you divulge personal information.
  • Check your credit report for accounts you don't recognize.
  • Shred old documents containing personal information.
  • Clear data on old phones and devices before donating or selling them.
  • Follow your employer's protocols to keep important data safe.

What to Do After a Data Breach

If you think your data has been compromised, take the following action to help set things right:

  • Look out for notifications from the organization where the breach originated. You can also reach out if you're worried your data has been involved in a breach.
  • Change your passwords and login information for accounts that were involved in the breach.
  • Add a fraud alert to your credit report or consider freezing your credit.
  • Monitor your credit and dispute errors if you find them.
  • Run a privacy scan to spot data that might be exposed elsewhere.
  • Report identity fraud if you've been victimized.

The Bottom Line

While you may not be able to avoid being wrapped up in a data breach, knowing how to respond can help prevent further damage. It underscores just how important it is to safeguard your information as much as possible.

Identity theft protection with Experian is an extra resource for consumers. If new or suspicious activity shows up on your credit report, you can know quickly and mount the proper response. You can also choose to get monthly privacy scans and dark web surveillance, and receive up to $1 million in identity theft insurance for additional protection.