Data Breaches

Data breaches are why we should care about our privacy. Scammers and criminals target companies in order to obtain as much data as possible about an individual, which in turn helps them commit identity theft or collect a hefty sum on the black market for the data. Learn about how data breaches happen and what to do if you happen to get involved in a data breach.

A data breach occurs when a cybercriminal successfully infiltrates a data source and extracts sensitive information. This can be done physically by accessing a computer or network to steal local files or by bypassing network security remotely. The latter is often the method used to target companies.

What is a data breach GDPR?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.

What to Do After a Data Breach?

  • Determine what was stolen.
  • Change all affected passwords.
  • Contact relevant financial institutions.
  • Contact the credit-reporting bureaus.
  • Sign up for a credit- or identity-monitoring service.
  • If your identity does get stolen.

What should companies do to protect your data from data breaches?

Here's how:

  • Keep Only What You Need. Inventory the type and quantity of information in your files and on your computers.
  • Safeguard Data. ...
  • Destroy Before Disposal.
  • Update Procedures.
  • Educate/Train Employees.
  • Control Computer Usage.
  • Secure All Computers. 
  • Keep Security Software Up-To-Date.

How can data breaches be prevented?

  • Below, we discuss six solidly proven ways to prevent cyber security breaches from occurring at your company.
  • Limit access to your most valuable data.
  • Third-party vendors must comply.
  • Conduct employee security awareness training.
  • Update software regularly.
  • Develop a cyber breach response plan.

What are my rights under GDPR?

The GDPR provides the following rights for individuals: ... The right to erasure.The right to restrict processing. The right to data portability.

The following are the steps usually involved in a typical a breach operation:

Research: The cybercriminal looks for weaknesses in the company’s security (people, systems, or network).

Attack: The cybercriminal makes initial contact using either a network or social attack.

Network/Social attack: A network attack occurs when a cybercriminal uses infrastructure, system, and application weaknesses to infiltrate an organization’s network. Social attacks involve tricking or baiting employees into giving access to the company’s network. An employee can be duped into giving his/her login credentials or may be fooled into opening a malicious attachment.

Exfiltration: Once the cybercriminal gets into one computer, he/she can then attack the network and tunnel his/her way to confidential company data. Once the hacker extracts the data, the attack is considered successful.