A Quick Guide to Data Breach
Data breach is either unintentional or intentional release of private/confidential or secure information to untrustworthy environment. Some of the terms used for this are data leak, data spill and also, unintentional information disclosure. This said incidents can also range from organized attacks by some black hat hackers associated with organized crime, national governments or political activities to careless disposal of used data storage media or computer equipment and systems.
The simplest definition for data breach is a kind of security incident to which sensitive, confidential or protected data is transmitted, viewed, copied, stolen or even used by individual unauthorized to do so. Data breaches might also involve financial information like bank details or credit card, PHI or Personal Health Information, PII or Personal Identifiable Information, intellectual property or trade secrets of corporations. Majority of the data breaches involve vulnerable and overexposed unstructured files, data, documents as well as sensitive information.
This can also include incidents like theft or even loss of digital media similar to hard drives, computer tapes or even laptops or computers that contain media upon which the information is stored unencrypted, posting the information on the internet or on computer. Otherwise accessible from the web without proper information security precautions, transfer of this information to a system which isn’t open completely but isn’t formally or appropriately accredited for security at approved level like transfer of such info to information systems of a possible hostile agency like a foreign nation or competing corporation where the data can be exposed to a more intensive techniques in decryption.
The concept of trusted environment is somewhat fluid actually. Trusted staff members leaving while still having access to sensitive info might be a data breach if the staff member retains access to data subsequent to the termination of trust relationship. This might take place with breakdown in web of trust in distributed systems.
As a matter of fact, most of these incidents are publicized in media involving private info on individuals like social security numbers and the likes. Loss of corporate information such as sensitive corporate info, details of contracts, trade secrets and so on or of government information is unreported all too often. This is mainly because of the reason that there is no compelling reason to do such in the absence of potential damage to the private citizens and even publicity around such event may be more damaging than losing the data itself.
In relation to this, the first move to be made is to call a data breach lawyer in order to settle things and apply the right legal action at the same time.