Already in 2024, nearly 10,000 publicly disclosed global data breaches affected hundreds of millions of user records. Apple, Meta, and Twitter all succumbed to data breaches in 2024 (and numerous times in the past), providing the public and its shareholders with a stark reminder that malicious activity constantly makes user data susceptible to cybercriminal activity, no matter the platform or level of password security.
These breaches can incur significant financial losses to companies and their customers. IBM’s Cost of a Data Breach Report (2023) noted that a data breach costs an average of $4.5 million. Not every business proactively defends or considers these real dollar stakes worthy of defense until unauthorized access to user accounts has already occurred. And attackers aren’t slowing down: they continuously learn to employ new, sophisticated attack vectors and techniques, from business email compromise to social engineering to relentless brute force attacks.
As our reliance on data for business operations and the carousel of customer service increases, so does the risk of bad actors finding ways to breach unprepared systems and security teams that ignore the value of an incident response plan or common data breach attack countermeasures.
What is a Data Breach?
A data breach occurs when sensitive, confidential, or protected data is accessed, disclosed, or used without authorization. This can involve personal information, financial records, intellectual property, or any other type of data that should remain secure. It can occur from inside an organization—like human error or poorly implemented policy—or from a malicious attack outside the organization.
By understanding the different types and sources of data breaches, businesses can implement better security policies, platforms, measures, and teams to protect their and their customers’ sensitive information.
12 Unique Types of Data Breaches
Data breaches can occur in many different ways. Access control breaches often happen when hackers exploit weak passwords or misconfigured security settings. Remember the infamous Yahoo breach, in which over 3 billion accounts were compromised?
In 2016, spear-phishing emails led to unauthorized access to confidential emails within the Democratic National Committee (DNC). Insider threats, whether malicious or accidental, involve misuse of human access, such as Edward Snowden’s intentional plan to steal classified NSA data. Even physical security breaches, like taking physical assets off-premise, demonstrate the importance of holistic data security systems.
Understanding the common types of breaches helps organizations develop comprehensive security strategies to protect their data from various attack vectors. Breaches can occur in numerous ways, each with distinct characteristics and implications.
1. Access Control Breaches
When unauthorized individuals bypass your company’s security measures, they will eventually access networks. There are a bevy of ways in. Weak passwords, poor password management practices, and poorly configured network security settings without backup response protocols will contribute to a data breach. In the 2016 Uber breach, hackers used a compromised password (bad access management) to access a private GitHub repository and stole sensitive data on 57 million users and drivers!
How It Affects Your Organization
Unauthorized access resulting from an access control breach can incur a range of direct costs—fines, legal fees, and remediation expenses—as well as indirect costs, like loss of customer trust and revenue decline. The 2016 Uber breach led to a $148 million settlement with regulators. It significantly damaged the company’s reputation during a material growth period, including fierce competition with both Lyft and substitute travel services.
2. Phishing & Social Engineering
The two most common ways to trick an individual into accidentally revealing confidential information through compromised actions should come as no surprise. Phishing and social engineering attacks often involve emails disguised under products, sites, and brands familiar to the user or phone calls that may appear from known area codes but seek to capture sensitive PII. According to last year’s Verizon Data Breach Investigations Report, phishing remains the primary source of data breaches, accounting for nearly 36% of all breaches in 2023.
How It Affects Your Organization
Successful phishing and social engineering attacks often lead to unauthorized network and data access. In the most severe cases, these two types of infiltration also lead to secondary breaches and a much broader scope of compromised systems and data. Business operation disruption compounds when attackers use stolen credentials to bypass first-order security protocols and access critical infrastructure—a terse reminder that network segregation is essential to advanced security postures.
3. Insider Threats
Insider threats are exactly what they sound like: individuals within your organization, typically employees but also contractors, with system or data access privileges who use that access to networks to steal data. These threats can sometimes be simple negligence but often involve premeditated, malicious behavior.
In fact, according to the Ponemon Institute, 63% of insider threat incidents involved negligent employees, not intentionally malicious insiders (2022). Regardless, these security incidents come with significant financial losses for an organization unprepared to proactively defend: the average annual cost of insider threats for organizations is $15 million (Ponemon, 2022).
How it Affects Your Organization
Insiders often have legitimate access to critical systems and data, like credit card details or medical records. These are incredibly valuable, high-volume targets for potential threat actors. The Edward Snowden example from above is relevant! An NSA contractor at the time, Snowden accessed, stole, and leaked classified information, causing a firestorm of repercussions for his company and the USG, including extensive legal battles and significant, unplanned expenditures on corporate security overhauls, not to mention both business and brand reputation loss for his contractor.
4. Business Email Compromise (BEC)
Business email compromise generally involves phishing or malware attacks to access a company’s email accounts. With that access, a bevy of sensitive information can be used to commit fraud before system alerts trigger the appropriate reactions. This is not unlike identity theft in the real world, whether using a driver’s license or credit card credentials to defraud the ID holder and disappear.
In that same vein, access to a corporate email account at any level allows the impersonation of someone within the corporate directory. It can be used to delve further into a network for a specific data set or critical IP. The 2016 Bangladesh Bank breach typifies the devastating simplicity of such an attack: hackers used a small number of compromised email accounts to fraudulently transfer $81 million!
How it Affects Your Organization
Email compromise can have severe consequences for any organization. Just ask the FBI, which has several divisions that respond to these cybercrimes at scale, like the Internet Crime Complaint Center. In 2021 alone, business email compromise-related scams resulted in $2.4 billion in financial losses, nearly topping the list of most financially damaging cyber threats that year. In addition, and potentially even more harmful, these security incidents often alert regulatory bodies, disrupting operations, reputation, and enterprise value.
5. Physical Security Breaches
Physical security breaches are precisely what they sound like: someone plans and gains unauthorized physical access to a business location and executes a physical theft of proprietary or sensitive information. Too often, that information is not encrypted! Almost a decade ago, a bad actor who planned a physical breach from a Children’s Hospital in Boston stole a work computer that contained medical PII for over two thousand patients.
How it Affects Your Organization
Verizon’s reporting arm published a study in 2022 on data breaches by physical theft, reporting that those types of losses accounted for 5% of all data breaches that year. The Ponemon Institute reported that physical security breaches averaged $2 million per incident: recovering stolen data and paying for fees related to legal proceedings and regulatory fines can add up quickly. This does not account for lost client revenue and the low probability of occurrence, as physical breaches are much less in vogue than digital security breaches like phishing.
6. Distributed Denial of Service (DDoS)
DDoS attacks are a form of brute force attack that uses a botnet of multiple connected devices to generate an immense volume of fake traffic requests. These requests create a “flood” of network server activity and effectively paralyze services available to legitimate users related to your business—employees, and contractors. A significant DDoS incident happened eight years ago when the Mirai botnet—a slew of infected IoT devices—temporarily paralyzed Twitter, Netflix, Reddit, and other websites.
How it Affects Your Organization
DDoS attacks are nasty disruptors of business operations and brands: in some cases, both downtime and revenue loss are significant. DDoS attacks can imply a casual attitude toward customer trust and network security, as these attacks can be proactively noticed and prevented. Netscout reported in 2023 that DDoS attacks surged to over 10 million attacks globally in 2022 – a clear sign of their attractiveness to attackers at nearly 27 thousand daily!
7. Malware or Virus
Malware attacks refer to software with embedded viruses, worms, trojan horse applications, ransomware, or spyware designed to damage a computer, server, or network. Malware attacks almost always steal data once triggered and can quickly spread to other networked systems by intention.
Most antivirus programs, aka anti-malware software – can stymie malware from causing corporate harm. Still, education that reinforces the importance of identifying phishing attacks is also necessary, as malware attacks have much greater value when targeting corporate networks.
How it Affects Your Organization
During the 2017 WannaCry malware attack, attackers entered Microsoft Windows and infected the platform with ransomware. This impacted nearly 230,000 computers globally! The attackers then demanded Bitcoin payments in exchange for restored access. Microsoft experienced time, money, goodwill costs, and significant operational downtime.
8. Supply Chain Attacks
A supply chain attack involves bad actors targeting vendors in a supply network. Supply chain attacks use third-party services or products integrated with your company as backdoors into the network and prime data theft opportunities. These exploit the trust of your vendors and can lead to material breaches of data and operations that expand beyond just the infiltrated third party. Think of supply chain attacks as a potential network effect of damage.
How it Affects Your Organization
This breach type has far-reaching implications depending on the breadth and depth of your vendor portfolio and their respective security systems. Supply chain attacks are a great reminder that vendor reviews are critical to an A-class security system.
In the 2020 SolarWinds attack, hackers inserted malicious code into a software update named Orion that had thousands of customers…including public companies and numerous national governments. For months afterward, those hackers spied on those customers and stole data from specific targets. SolarWinds then spent significant expense on remediation and legal proceedings while dealing with negative publicity.
9. Ransomware
Ransomware is malware that encrypts an organization’s data, rendering it inaccessible until a ransom is paid to the attackers. These types of attacks are growing in frequency and magnitude. In 2022, there was a 75% increase in successful and unsuccessful ransomware attacks. By 2031, ransomware attacks are predicted to grow to an annual global cost of nearly $265 billion to businesses.
How it Affects Your Organization
We highlighted the WannaCry attack above but did not mention the damage it caused: nearly $4 billion between ransom payments and operational disruptions, showcasing pointedly ransomware’s ability to bring business activities to a halt as they solve downtime, incur productivity losses, and create delays in customer services. The impact on critical infrastructure sectors – like a healthcare data breach – can be particularly severe in the context of patient care or financial transactions.
10. Credentials Stored in Source Code
Storing credentials in source code is a risky and inadvisable practice that can lead to significant security breaches when unauthorized individuals access the source code. This software vulnerability arises when developers embed API keys or other sensitive information directly into code. While convenient, this practice is easily exploitable. For example, approximately 190,000 users of Docker were affected in 2019 because Docker’s public repositories stored user credentials.
How it Affects Your Organization
According to a 2021 study by GitGuardian, over 6 million secrets were detected in public GitHub repositories alone. The IBM X-Force Threat Intelligence Index 2022 reported that exposed credentials were involved in 29% of cloud security incidents. When companies treat user credentials as replaceable instead of trusted assets, those companies attract attackers.
11. Human Error
Human error remains a significant contributor to data breaches. We are human, after all! In 2023, several publications found human error responsible for 1 in 4 data breaches. Something as simple as misconfigured security settings – an error that can go undetected for weeks post-configuration – can expose sensitive data unknowingly.
Likewise, falling victim to a phishing attack, no matter how educated and aware an employee is, still exists as a non-zero probability. Sometimes, an employee sends the wrong attachment to the wrong person.
How it Affects Your Organization
So far this year, data breaches caused by human error have taken an average of 217 days to identify and 77 days to contain (IBM). Now consider the opportunity cost of time spent on fixing a breach instead of breach prevention and operating a complex business with PII. The more prolonged remediation takes the more serious the long-term effects, like customer trust issues, contract cancellations, and extensive employee training programs to prevent future incidents.
12. Keystroke Recording
Keystroke recording, aka keylogging, involves installing malicious software or hardware to record user keystrokes and capture everything typed on a keyboard, including (most valuably) user credentials.
Keylogged data allows unauthorized access to whichever corporate system the stolen data opens, making confidential information easy to steal. Malicious software keystroke recording must be practical and tied to several attack types mentioned earlier in this article, including phishing emails and direct physical access to the target device.
How it Affects Your Organization
Keylogging attacks can have severe repercussions for organizations. If an attacker acquires a critical set of credentials, data, and operations are susceptible to damage. When undetected, prolonged data exposure can lead to deeper contextual theft or even a download of IP that renders a business far less valuable.
Costs of a Data Breach
Financial Costs
Last year, IBM’s Cost of a Data Breach Report—an annual report detailing a range of costs related to cybercriminal activity—disclosed what this article has highlighted throughout: that the average cost of a data breach is significant. 2023 data breach costs reached a record high of $4.5 million!
These costs included financial losses, legal fees, fines, lost customers, and other remediation like training, new policy creation, security system upgrades, forensics investigations, and credit monitoring subscriptions for affected consumers. When a business is financially unprepared to mitigate, the wrong timing of an attack can result in a total, permanent shutdown.
Operational Costs
Beyond direct financial losses, data breaches can severely disrupt business operations as critical systems that have been breached must be shut down and managed. These operational interruptions halt production, delay projects, disrupt supply chains, and ultimately lead to substantial revenue and reputational damages. Downtime also causes cascading effects, elongating remediation and recovery timelines deepening tangible and intangible business costs.
Reputational
Accenture surveyed a range of customers in 2024 and found that 52% would avoid doing business with an organization that had suffered a data breach. The reputational damage caused by data breaches has long-lasting effects on an organization’s brand and customer trust.
Last year, a prominent bank exposed the personal and financial information of over 5 million customers, losing enterprise value and accounts in the process. The cost of rebuilding a damaged reputation often involves substantial investments in public relations, marketing campaigns, and customer compensation programs.
FAQs
What is the most common form of data breach?
The most common form of data breach is cybercriminals’ unauthorized access to sensitive information. This can occur through phishing attacks, malware infections, or exploiting weak passwords, leaving individuals and organizations vulnerable to identity theft and financial fraud.
What qualifies as a data breach?
A data breach is the unauthorized access, acquisition, or disclosure of sensitive information. This can include personally identifiable information (PII), financial data, healthcare records, or any other type of sensitive data. Cybercriminals often exploit systems or network vulnerabilities through phishing attacks or malware infections to carry out data breaches.
What is an example of a data breach in the workplace?
An example of a data breach in the workplace is when an employee inadvertently clicks on a phishing email and unknowingly provides cybercriminals with access to sensitive company data. This breach can compromise customer information, steal intellectual property, and potentially cause the organization to suffer financial losses.
Conclusion
Data breaches are prevalent and growing. No matter the type of data breach, the consequences can shutter a business for days or, at worst, permanently shatter its enterprise value and ability to operate.
Though various data breach types and consequential damages are associated, organizations can also use many tools to design and implement robust security measures. This investment should not be taken lightly but instead seen as a sound future-proofing practice, as the cost of waiting to be secure can be disruptive. And ultimately, a “should have…” could have been a “glad we did.”
