Data breach, security breach, cyber incident, cyberattack—they’re used interchangeably, but they don’t mean the same thing. Why does it matter whether an event is a data breach rather than one of these other types of incidents?
Whether an incident involves the exposure of personal sensitive data determines, among other things, which departments in your organization should get involved, what actions should be taken, which legal and regulatory obligations apply, and whether notification is required and to whom.
What is a data breach versus a cyber breach or security breach?
Let’s start with a security breach, which in today’s digital world often means a cyber incident (synonymous with cyberattack). It is an attempt by cybercriminals, hackers, or other digital adversaries to access a computer network or system, usually to steal, alter, destroy, or expose information. Common types of cyberattacks include malware, denial-of-service (DoS) attacks, phishing, spoofing, identity-based attacks, and insider threats.
A physical breach can also be a security breach. For example, if a castle under siege is stormed by a hostile army scaling the walls and entering the castle’s perimeter, this is a security breach of the physical kind.
Fast forward from the Middle Ages to the present. A good example of a security breach (also defined as a cyber incident) occurred in July 2024, when a faulty software update for Microsoft Windows caused a global IT outage that disrupted airline operations.
So, what is a data breach? A data breach is a subset of cyber incidents that is focused on the data itself. A data breach occurs when someone unlawfully obtains, views, takes, exposes, or leaks certain types of information, including confidential, private, protected, or sensitive information. This includes personally identifiable information (PII) such as social security numbers, financial information, health records, or other sensitive data.
Although not every cyber incident leads to a data breach, a data breach often happens as a result of one.
What do Yahoo!, Equifax, Facebook, and LinkedIn have in common?
These companies experienced some of the biggest data breaches in history. Yahoo!, for example, disclosed in 2016 that three billion user accounts had been compromised after a group of Russian hackers infiltrated the company’s database using backdoors, stolen backups, and access cookies, and managed to steal sensitive user information. In addition to a $35 million fine and a whopping 41 class action lawsuits, the data breach affected Yahoo!’s deal with Verizon, dropping the sale price by $350 million.
Each day, companies of all sizes experience data breaches, as chronicled in Cybercrime Magazine, with new and emerging threats, including advanced persistent threats and malware attacks, regularly bombarding organizations.
What is a data breach impact?
When an organization’s data has been breached, they must figure out—as quickly as possible—three things:
- What data breach category does it fall into (i.e., what was the cause)?
- What kind of data was compromised?
- What is the impact on the data itself?
This is because the answers to these questions determine what next steps to take from an operational, legal, and regulatory compliance perspective.
What is a data breach cause? This is how it happened, ranging from hacking or an insider threat, to physical theft of devices such as laptops or USB drives, to social engineering (such as phishing), to simple human error, such as improperly disposing of records or emailing information to the wrong person.
What is a data breach by type of data compromised? This is critical to get your arms around quickly, as the exposure of different types of data carries different consequences and necessitates different responses. For example, HIPAA’s Breach Notification Rule requires covered entities to notify patients when their protected health information (PHI) is breached, and to notify the HHS (Department of Health and Human Services) as well.
What is a data breach impact on data? Finally, what did the data breach actually do to the data? The remediation strategy depends on how the breach is categorized by its impact on the data. For example, a confidentiality breach is when sensitive data is exposed to unauthorized parties. In an integrity breach, data is altered or destroyed. In an availability breach, access to or use of your data is disrupted.
By gaining rapid insight into these questions, organizations can quickly understand the scope of the data breach and contain its impact.
What is a data breach response?
However, data breach response extends beyond simply containing the impact of the breach; it’s important to have a robust response plan. It’s critical to get the right people in the right seats as quickly as possible—from getting systems back up and running, to understanding the scope of the breach, to identifying the universe of data believed to be compromised, understanding the applicable legal framework(s), and complying with data breach notification requirements.
Organizations need to act fast and take the following steps:
- Build and maintain a comprehensive evidentiary record to ensure transparency.
- Conduct an internal assessment to determine precisely what happened, how to classify it, and who was affected.
- Create a comprehensive list of disclosure and notification requirements, which vary state to state, country to country, and contract to contract.
- Develop notification lists to meet state, attorney general, and other regulatory-driven notification obligations and timelines.
It’s best practice, in an organization’s response, to distinguish a data breach from other cyber incidents or attacks that do not expose or compromise personal sensitive data.
UnitedLex can help organizations augment their data breach response by providing rapid insight into the potential severity and quickly defining the extent of exposure and the obligations to the company, customers, employees, and third parties. Let’s talk.