It seems that not a day goes by without a headline announcing that a company has suffered a data breach. Privacy violations endanger not only companies, but also their customers and partners. In this blog post, we take a look at the five most common types of data or privacy breaches you should be aware of.

1. Cyber attacks

Software vulnerabilities give cyber criminals easy access to sensitive resources. When exploited, these vulnerabilities can lead to a range of security incidents such as unauthorized access, malware attacks, compromise of social media accounts and even credit card theft.

For example, 339 million guest records of Marriott International Inc. were exposed in this way, which resulted in the hotel paying a hefty fine of £18.4 million! The Information Commissioner’s Office (ICO) stated that Marriott had failed to protect personal data as required by the General Data Protection Regulation (GDPR).

2. Password theft

Password theft is one of the most common types of data breaches. This is not a surprise, as we are often guilty of not choosing a secure password carefully and simply picking one that is easy to remember, such as a date of birth, a pet name or a nickname. Many people also tend to use the same password over and over again. Consequently, cyber criminals have adapted to these behaviors and set up databases of these commonly used passwords.

In 2021, the largest data breach of all time occurred. It involved the publication of a 100 GB TXT file containing 8.4 billion password entries on a popular hacker forum. In a similar case, the State Data Protection Commissioner of Baden-Württemberg imposed a fine of 20,000 euros on a social media provider for storing customer passwords in plain text.

3. Human error

Data breaches are not necessarily caused by malicious actions or with malicious intent. Researchers at Stanford University have found that about 88 percent of all data breaches are due to employee errors.

Among the most common mistakes is sending sensitive information to the wrong person, such as sending an email to the wrong address, attaching the wrong document or giving a physical file to someone who should not have access to the information.

Another good example is the release of the personal data of hundreds of high school students in Melbourne. An employee had mistakenly released medical data that included information about students’ mental health conditions such as Asperger’s, autism and ADHD.

4. Social engineering

Social engineering refers to psychological manipulation to obtain sensitive data from victims. Phishing is the most common form of social engineering attack, whether it is carried out verbally or electronically. The most popular form is phishing by email. Phishing emails appear to be legitimate messages from trusted sources, but they contain malicious links. When a user clicks on a link in a phishing email, malware is installed without the user noticing, or the user is redirected to a (fake) website used for data theft.

One of the most successful phishing attacks occurred in 2016, when hackers managed to compromise the Gmail account of Hillary Clinton’s campaign manager John Podesta. Within hours of the release of the US election results, Russian hackers sent phishing emails from fake Harvard University email addresses to publish fake news.

5. Physical security breaches

One of the most obvious types of data breaches is direct theft of sensitive data. Again, this happens more often than you might think. Carelessness by employees, and even executives, can quickly result in billions of dollars in damage.

An example of this is the Hong Kong Residents Registration and Election Office. There, the data of 3.7 million citizens may have been compromised after two laptops were misplaced or lost.

So how can you avoid data breaches?

The above-mentioned examples show just how easy it is for a data breach to occur. Dealing with a breach is not only time-consuming, risky and associated with rising internal costs, but can also lead to heavy fines from the authorities.

With a smart audit, you can limit the likelihood of data breaches or, at best, prevent them: from identifying and uncovering potential risks to formulating a strategy and developing technical and organizational solutions that fit your business.

Do you want to know how we can support you in this area? Our team of experienced data protection experts is always ready to help you!