Data Breach
What is a data breach?
A data breach is a security incident in which an unauthorized individual or entity gains access to confidential, sensitive, or protected information. This includes personal, financial, and health data—any information the organization is responsible for protecting.
In simple terms, a data breach occurs when protected data is exposed, accessed, or disclosed without authorization.
How are data breaches classified?
Data breaches are commonly classified based on how they occur or by their impact on data security.
Classification by nature of attack
Most data breaches occur due to external attacks, insider actions, or system failures and misconfigurations.
- External attacks: Malicious actors target organizations through phishing emails that trick employees into revealing credentials, malware that infiltrates systems to harvest or encrypt data, credential-stuffing attacks that exploit reused passwords, and exploitation of unpatched software vulnerabilities. Many of these attacks are closely tied to weaknesses in email security.
- Insider threats: A significant proportion of data breaches originate from within the organization. These insider threats generally fall into two categories. Malicious insiders intentionally misuse their authorized access to expose data for personal, financial, or competitive gain. Negligent insiders cause breaches through carelessness, such as emailing sensitive files to the wrong recipient or leaving a device containing customer data unattended.
- System misconfigurations and errors: Incidents such as incorrectly configured databases, cloud storage resources exposed to the public internet, or failure to apply security updates promptly can expose sensitive data without any attacker involvement. Regulators still consider these incidents data breaches, even when no malicious intent is involved.
Classification by security impact (GDPR)
Under regulatory frameworks such as GDPR, data breaches are also classified based on how they affect confidentiality, integrity, and availability.
- A confidentiality breach occurs when data is accessed or disclosed without authorization.
- An integrity breach involves unauthorized modification or alteration of data.
- An availability breach occurs when data becomes inaccessible to authorized users, such as during a ransomware incident.
What types of data are at risk?
Data breaches can expose a wide range of sensitive information. The types of data most frequently targeted include:
- Personally identifiable information (PII), such as names, addresses, dates of birth, national identification numbers, and email addresses that can be used to identify or contact an individual.
- Login credentials, such as usernames and passwords that enable unauthorized access to accounts across multiple platforms, particularly when individuals reuse passwords.
- Financial data, such as credit card numbers, bank account details, and payment records used directly for fraud or sold on criminal markets.
- Protected health information (PHI), such as medical records, prescriptions, and insurance details, which carry both high monetary value and strict legal protections under regulations such as HIPAA.
- Business-critical data, such as trade secrets, product roadmaps, source code, and proprietary research that provide competitive advantage or strategic value to the business.
- Operational data, such as IT security information, network configurations, and system configurations that could enable further attacks once exposed.
What are the consequences of a data breach?
Data breaches have consequences that extend well beyond the initial security incident. The impact is typically legal, financial, operational, and reputational.
Legal and regulatory obligations
Most data protection laws require organizations to safeguard personal data and follow defined procedures when a breach occurs. Regulations such as GDPR, PIPL, LGPD, India’s DPDP Act 2023, and the United States’ HIPAA and sectoral framework (including state laws such as CCPA/CPRA) mandate how organizations must assess, report, and respond to data breaches.
Financial impact
Organizations may face regulatory fines, legal action, and compensation claims from affected individuals. Additional costs often include forensic investigations, legal fees, customer notifications, and, in some cases, ransom payments.
Operational disruption
Data breaches can significantly disrupt normal business operations. Systems may need to be taken offline to contain the incident, investigate its cause, and prevent further data exposure, interrupting critical services such as email, customer access, and internal workflows. Security and IT teams must redirect time and resources to incident response and remediation, delaying routine operations and planned projects. In severe cases, organizations may experience prolonged downtime, reduced productivity, and ongoing operational overhead even after systems are restored.
Reputational damage
Loss of customer trust is one of the most lasting consequences of a data breach. People whose data has been exposed may decide to move their business to another provider. Public disclosure of a breach can lead to sustained negative media coverage, and the resulting reputational damage can take significantly longer to recover from than the immediate financial and operational effects.