A security breach is any incident that results in unauthorized access to computer data, applications, networks or devices. It results in information being accessed without authorization. Typically, it occurs when an intruder is able to bypass security mechanisms.
Technically, there's a distinction between a security breach and a data breach. A security breach is effectively a break-in, whereas a data breach is defined as the cybercriminal getting away with information. Imagine a burglar; the security breach is when he climbs through the window, and the data breach is when he grabs your pocketbook or laptop and takes it away.
Confidential information has immense value. It's often sold on the dark web; for example, names and credit card numbers can be bought, and then used for the purposes of identity theft or fraud. It's not surprising that security breaches can cost companies huge amounts of money. On average, the bill is nearly $4m for major corporations.
It's also important to distinguish the security breach definition from the definition of a security incident. An incident might involve a malware infection, a DDoS attack or an employee leaving a laptop in a taxi, but if it doesn't result in access to the network or loss of data, it would not count as a security breach.
Examples of a security breach
When a major organization has a security breach, it always hits the headlines. Security breach examples include the following:
- Equifax - in 2017, a website application vulnerability caused the company to lose the personal details of 145 million Americans. This included their names, SSNs, and drivers' license numbers. The attacks were made over a three-month period from May to July, but the security breach wasn't announced until September.
- Yahoo - 3 billion user accounts were compromised in 2013 after a phishing attempt gave hackers access to the network.
- eBay saw a major breach in 2014. Though PayPal users' credit card information was not at risk, many customers' passwords were compromised. The company acted quickly to email its users and ask them to change their passwords in order to remain secure.
- Dating site Ashley Madison, which marketed itself to married people wishing to have affairs, was hacked in 2015. The hackers went on to leak a huge number of customer details via the internet. Extortionists began to target customers whose names were leaked; unconfirmed reports have linked a number of suicides to exposure by the data breach.
- Facebook saw internal software flaws lead to the loss of 29 million users' personal data in 2018. This was a particularly embarrassing security breach since the compromised accounts included that of company CEO Mark Zuckerberg.
- Marriott Hotels announced a security and data breach affecting up to 500 million customers' records in 2018. However, its guest reservations system had been hacked in 2016 - the breach wasn't discovered until two years later.
- Perhaps most embarrassing of all, being a cybersecurity firm doesn't make you immune - Czech company Avast disclosed a security breach in 2019 when a hacker managed to compromise an employee's VPN credentials. This breach didn't threaten customer details but was instead aimed at inserting malware into Avast's products.
A decade or so ago, many companies tried to keep news of security breaches secret in order not to destroy consumer confidence. However, this is becoming increasingly rare. In the EU, the GDPR (General Data Protection Regulation) requires companies to notify the relevant authorities of a breach and any individuals whose personal data might be at risk. By January 2020, GDPR had been in effect for just 18 months, and already, over 160,000 separate data breach notifications had been made - over 250 a day.
Types of security breaches
There are a number of types of security breaches depending on how access has been gained to the system:
- An exploit attacks a system vulnerability, such as an out-of-date operating system. Legacy systems which haven't been updated, for instance in businesses where outdated versions of Microsoft Windows that are no longer supported are being used, are particularly vulnerable to exploits.
- Weak passwords can be cracked or guessed. Even now, some people are still using the password 'password', and 'pa$$word' is not much more secure.
- Malware attacks, such as phishing emails, can be used to gain entry. It only takes one employee to click on a link in a phishing email to allow malicious software to start spreading throughout the network.
- Drive-by downloads use viruses or malware delivered through a compromised or spoofed website.
- Social engineering can also be used to gain access. For instance, an intruder phones an employee claiming to be from the company's IT helpdesk and asks for the password in order to 'fix' the computer.
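The weak-password point above, as an added example that is not part of the original article: a password check that undoes common character swaps before consulting a denylist, next to a naive character-pool estimate that is fooled by those swaps. The denylist, the substitution table and the 12-character minimum are constructed assumptions for illustration.

```python
import math
import string

# Constructed sample denylist; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}

# Constructed table of common character swaps, mapped back to the letters they imitate.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e",
                      "5": "s", "!": "i", "4": "a", "7": "t"})


def variants(candidate: str) -> set:
    """Lower-case the candidate and undo swaps, with and without a trailing digit/symbol suffix."""
    lowered = candidate.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return {lowered.translate(LEET), stripped.translate(LEET)}


def naive_bits(candidate: str) -> float:
    """Character-pool estimate: length * log2(pool size). Rewards swaps it should not."""
    pool = 0
    if any(c.islower() for c in candidate):
        pool += 26
    if any(c.isupper() for c in candidate):
        pool += 26
    if any(c.isdigit() for c in candidate):
        pool += 10
    if any(c in string.punctuation for c in candidate):
        pool += len(string.punctuation)
    return len(candidate) * math.log2(pool) if pool else 0.0


def assess(candidate: str, min_length: int = 12):
    """Return (accepted, reason). min_length is an assumed policy value."""
    if any(v in COMMON_PASSWORDS for v in variants(candidate)):
        return False, "matches a common password after undoing substitutions"
    if len(candidate) < min_length:
        return False, "too short"
    return True, "not on the denylist"


if __name__ == "__main__":
    for pw in ("password", "pa$$word", "Password2024!", "vK9#tq2LmZ!x7Rw"):
        print(f"{pw!r}: naive {naive_bits(pw):.1f} bits, {assess(pw)}")
```

The naive estimate scores 'pa$$word' higher than 'password', yet both collapse to the same denylisted word once the swaps are undone.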
In the security breach examples we mentioned above, a number of different techniques were used to gain access to networks — Yahoo suffered a phishing attack, while Facebook was hacked by an exploit.
Though we've been talking about security breaches as they affect major organizations, the same security breaches apply to individuals' computers and other devices. You're probably less likely to be hacked using an exploit, but many computer users have been affected by malware, whether downloaded as part of a software package or introduced to the computer via a phishing attack. Weak passwords and use of public Wi-Fi networks can lead to internet communications being compromised.
What to do if you experience a security breach
As a customer of a major company, if you learn that it has had a security breach, or if you find out that your own computer has been compromised, then you need to act quickly to ensure your safety. Remember that a security breach on one account could mean that other accounts are also at risk, especially if they share passwords or if you regularly make transactions between them.
- If a breach could involve your financial information, notify any banks and financial institutions with which you have accounts.
- Change the passwords on all your accounts. If there are security questions and answers or PIN codes attached to the account, you should change these too.
- You might consider a credit freeze. This stops anyone using your data for identity theft and borrowing in your name.
- Check your credit report to ensure you know if anyone is applying for debt using your details.
- Try to find out exactly what data might have been stolen. That will give you an idea of the severity of the situation. For instance, if tax details and SSNs have been stolen, you'll need to act fast to ensure your identity isn't stolen. This is more serious than simply losing your credit card details.
- Don't respond directly to requests from a company to give them personal data after a data breach; it could be a social engineering attack. Take the time to read the news, check the company's website, or even phone their customer service line to check if the requests are legitimate.
- Be on your guard for other types of social engineering attacks. For instance, a criminal who has accessed a hotel's accounts, even without financial data, could ring customers asking for feedback on their recent stay. At the end of the call, having established a relationship of trust, the criminal could offer a refund of parking charges and ask for the customer's card number in order to make the payment. Most customers probably wouldn't think twice about providing those details if the call is convincing.
- Monitor your accounts for signs of any new activity. If you see transactions that you don't recognize, address them immediately.
How to protect yourself against a security breach
Although no one is immune to a data breach, good computer security habits can make you less vulnerable and can help you survive a breach with less disruption. These tips should help you prevent hackers breaching your personal security on your computers and other devices.
- Use strong passwords, which combine random strings of upper and lower-case letters, numbers, and symbols. They are much more difficult to crack than simpler passwords. Don't use passwords that are easy to guess, like family names or birthdays. Use a Password Manager to keep your passwords secure.
- Use different passwords on different accounts. If you use the same password, a hacker who gains access to one account will be able to get into all your other accounts. If they have different passwords, only that one account will be at risk.
- Close accounts you don't use rather than leaving them dormant. That reduces your vulnerability to a security breach. If you don't use an account, you might never realize that it has been compromised, and it could act as a back door to your other accounts.
- Change your passwords regularly. One feature of many publicly reported security breaches is that they occurred over a long period, and some were not reported until years after the breach. Regular password changes reduce the risk you run from unannounced data breaches.
- If you throw out a computer, wipe the old hard drive properly. Don't just delete files; use a data destruction program to wipe the drive completely, overwriting all the data on the disk. Creating a fresh installation of the operating system will also wipe the drive successfully.
- Back up your files. Some data breaches lead to the encryption of files and a ransomware demand to make them available again to the user. If you have a separate backup on a removable drive, your data is safe in the event of a breach.
- Secure your phone. Use a screen lock and update your phone's software regularly. Don’t root or jailbreak your phone. Rooting a device gives hackers the opportunity to install their own software and to change the settings on your phone.
- Secure your computer and other devices by using anti-virus and anti-malware software. Kaspersky Antivirus is a good choice to keep your computer free from infection and ensure that hackers can't get a foothold in your system.
- Be careful where you click. Unsolicited emails which include links to websites may be phishing attempts. Some may purport to be from your contacts. If they include attachments or links, ensure they're genuine before you open them and use an anti-virus program on attachments.
- When you're accessing your accounts, make sure you're using the secure HTTPS protocol and not just HTTP.
- Monitoring your bank statements and credit reports helps keep you safe. Stolen data can turn up on the dark web years after the original data breach. This could mean an identity theft attempt occurs long after you've forgotten the data breach that compromised that account.
- Know the value of your personal information and don't give it out unless necessary. Too many websites want to know too much about you; why does a business journal need your exact date of birth, for instance? Or an auction site your SSN?
You'd never dream of leaving your house door open all day for anyone to walk in. Think of your computer the same way. Keep your network access and your personal data tightly secured, and don't leave any windows or doors open for a hacker to get through.