Data breach/leakage

A data breach or data leakage can occur when data from individuals, companies or other organisations, is spread or compromised, either by accident or intentionally. There is a distinct difference between a data breach and a data leakage. A data breach occurs from the outside, meaning that malicious hackers intentionally obtain data from (secure) actors. A data leakage occurs from the inside, meaning that data is intentionally or accidentally leaked to the outside (this can be by human error but also technical failure). A data breach or leakage may include various actors and entails small or large amounts of data and information. For example, a personal data breach includes personal data of an individual that is accessible without that individual’s consent. Another example can be found in a cloud data breach, where data from a companies’ cloud is accessed without authorization or is hacked by malicious actors. The consequence may be the unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed (definition from ISO/IEC 27040).

A data breach or data leakage can be harmful for individuals, companies and organisations. The unauthorized access to for example someone’s personal data, newly developed technologies or a companies’ financial information can have detrimental effects to various actors. Consequently, individuals, companies and organisations go to great lengths to secure their data using company protocols, encryption, access control, firewalls and other preventive measures. A breach or leakage of privacy sensitive data has to be reported under the European regulations (GDPR) or other applicable law or regulation and can lead to a fine. Often, trust in the organsiation that spilled information declines and can diminish brand value. The recovery of systems or data may lead to substantial costs, personal consequences of a data breach may be identity theft, extortion and other cyber attacks for instance. 

Related keywords: data spill, personally identifiable information, cloud data breach, data leakage prevention, data breach prevention, privacy, compromised data, stolen data, identity theft, stolen user credentials.