A data privacy breach refers to an incident in which information is stolen or taken without the owner’s permission or knowledge. The data is exposed to unauthorized individuals who gain access to confidential, sensitive, or protected information.
A data breach can relate to personal and corporate data.
Personal information data breaches concern:
- Social Security numbers
- Bank account numbers
- Medical records
Corporate data breaches concern:
- Financial data
- Customer information
- Employee data
Data leaks can lead to identity theft and other forms of fraud.
Companies may suffer serious consequences as a result of a data breach, such as high fines. The highest fine of $5 billion was imposed on Facebook for their scandal involving Cambridge Analytica. The more long-lasting consequences for organizations include reputation and loss of customer trust.
One of the first major data privacy breaches was the 2011 PlayStation Network outage. During the attack, the personal information of 77 million users was leaked, including their names, addresses, emails, and passwords.
Below are other examples of recent privacy breaches:
2012, LinkedIn – At first, the company announced that hackers stole 6.5 million passwords. However, in 2016 LinkedIn revealed that the actual number was much higher and amounted to 167 million accounts. The incident highlighted the need for strong password management practices.
2013, Target – The breach resulted in compromising the credit card data of 40 million customers. Target announced that criminals stole the personal data of 110 million customers, including their names, addresses, and phone numbers.
2013-2014, Yahoo – In two years, Yahoo survived two cybersecurity attacks, which led to a reputation scandal and subsequent sale of the company. The specific number of compromised accounts is unknown: Yahoo talked about 1.5 billion, but the company’s owners thought the attacks could have impacted all users. In 2015, the stolen data was put up for sale on the dark web, and at least three different individuals bought a copy of the data for $300,000 each.
2016, Uber – In this breach, the private data of 50 million customers and 7 million drivers was exposed, including names, email addresses, and phone numbers.
2017, Equifax – This case is still considered to be one of the biggest security break-ins. The personal data of approximately 147 million people was leaked, including their Social Security numbers, birthdates, and addresses.
2018, Marriott – Hackers stole the personal data of up to 500 million customers, including names, addresses, and passport numbers.
These cases had an impact on legislation around the world. A range of new laws were adopted, including GDPR (2016).
You may also like:
Data privacy laws in the United States and how they affect your business
11 new privacy laws around the world and how they’ll affect your analytics