Any accidental or deliberate disclosure of confidential information to an unknown network is termed as a Data Breach. The United States of America and most European countries account for an overwhelming majority of the big data breaches. What’s more worrying is the rate at which data breaches are hitting and impacting businesses show no signs of slowing.
What is Data Breach & Types
In general, there are three types of data breaches. They are:
- Physical – It can also be referred as ‘Corporate Espionage’ or efforts to obtain trade secrets by dishonest means, as by computer-tapping.
- Electronic – unauthorized access to a system or network environment where data is processed, stored or transmitted. Access can be obtained via web servers or web sites to a system’s vulnerabilities through application-level attacks.
- Skimming – It is the capturing and recording of magnetic stripe data on the back of credit cards and debit cards. This process uses an external device which is sometimes installed on a merchant’s POS without their knowledge.
Recent Data Breach Incidents
There were several incidents of the data breaches that resulted in the selected loss of 30,000 records in the recent past. You can find more information about it in the form of a visual representation on this website. It offers a beautiful & informative tour to world’s biggest data breaches in recent years.
Some of the major Data Breaches were:
Madison Square Garden Credit card data breach: Massive year-long credit card breach reported at Madison Square at four of its venues in New York City. The breach compromised credit and debit cards used at concession stands.
Yahoo Email Accounts Hacking: The email giant discovered a major cyber attack when an unauthorized party broke into the accounts of Yahoo users via “forged ‘cookies’” – bits of code lying hidden in the user’s browser cache so that a website doesn’t require a login with every visit. The company claimed the breaches were “state-sponsored” and also acknowledged the fact that proprietary code was accessed by a hacker.
Anthem: In Feb 2015, D.O.B, member ID. Social security number and other related information of the members of Anthem, the second largest health insurer in the US was stolen. The medical data breach of information held by Anthem Inc affected 80,000,000 users.
Brazzers Data breach: On September 2016, Hackers cracked porn site Brazzers, spilling details of over 8 lakh users. This included unique email addresses, user names, plaintext passwords and more. Fortunately, most of the entries were duplicates.
Dailymotion attack: One of the world’s most popular video sharing site suffered a data breach that involved the loss of tens of millions of users email addresses and associated passwords on 6th December 2016.
Ways to prevent Data Breach
Preparedness and Proactivity are the keys to stopping this growing menace. More energy and efforts are put into cleaning up the mess, after a breach has occurred, than planning for the breach and having a quick response system in advance. Everyone should have an incident response plan to control the situation during a breach. It helps in controlling actions and communication, and ultimately lessen the impact of a breach.
A vast majority of the data breach incidents can be stopped by resorting to an approach of a layered defense. This approach to network security ensures, if an attacker manages to penetrate one layer of defense, he is immediately stopped by a subsequent layer. How is this done? By reducing the Attack Surface.
The term denotes the total sum of the vulnerabilities in each computing device or network that are accessible to a hacker. Anyone attempting to break into a system begins mainly by scanning the target’s attack surface for possible attack vectors (whether for an active attack or passive attack). So, the first step in the strengthening of the defense is to close unnecessarily open ports and limit the resources that are available to untrusted users through MAC address filtering.
Reducing Vulnerability to Phishing Attacks
Phishing is one of the most widely used methods of identity theft. One can stay safe and avoid falling prey to it by keeping a check on simple things like, staying alerted of emails that come from unrecognized senders, emails that aren’t personalized and emails that ask you to confirm personal or financial information over the Internet and make urgent requests for this information.
Besides these, a number of industry guidelines and government compliance regulations mandate strict governance of sensitive or personal data to avoid data breaches. Countries, where such a framework is absent or weak, should adopt robust laws to protect consumers.