A security incident where protected, sensitive, or confidential data is accessed, stolen, or exposed by unauthorized individuals. Data breaches can result from hacking, insider threats, lost devices, or misconfigured systems.

What is Data Breach? | Privacy Glossary

A data breach is every company's nightmare and every user's risk. When attackers access databases full of personal information, the data often ends up for sale on the dark web or used for identity theft.

Types of Data Breaches

Hacking

Exploiting vulnerabilities
SQL injection, XSS
Brute force attacks
Most common cause

Insider Threats

Malicious employees
Accidental exposure
Third-party contractors

Physical

Stolen laptops
Lost devices
Improper disposal

Misconfiguration

Exposed databases (no password)
Misconfigured cloud storage
Publicly accessible backups

What Gets Exposed

Most Valuable to Attackers

Social Security Numbers
Credit card numbers
Bank account details
Passwords (especially reused)
Healthcare records

Also Sensitive

Email addresses
Phone numbers
Physical addresses
Date of birth
Account credentials

Major Breaches

Breach	Year	Records
Yahoo	2013-14	3 billion
Marriott	2014-18	500 million
Equifax	2017	147 million
Facebook	2019	533 million
LinkedIn	2021	700 million

Protecting Yourself

Before Breaches

Use unique passwords everywhere
Enable 2FA on all accounts
Minimize data shared with companies
Monitor your credit

After Breaches

Change passwords immediately
Enable credit freezes
Monitor financial accounts
Be alert for phishing

Check If You're Affected

haveibeenpwned.com
Company notifications
Credit monitoring alerts

Breach Notification Laws

GDPR (Europe)

72-hour notification to authorities
"Without undue delay" to users
Significant penalties for failure

US State Laws

All 50 states have notification laws
Requirements vary
Usually 30-60 days

HIPAA (Healthcare)

60-day notification
Detailed requirements
Significant penalties

What is Data Breach?