What is a data breach, how does one happen, and what should you do next?


The number of data breaches has risen in recent years. Some of the highest-profile cases in recent times include the Experian 2015 breach, which saw hackers acquire over 15 million customer records. And when Uber suffered a data breach in 2016, it risked the exposure of over 57 million customer records and suffered a $148m fine after trying to hide the matter from regulators.

Data breaches are becoming so common that tools are being built for individuals to check if their information has been compromised. But what exactly is a breach, how do they occur and what actions can be taken afterwards to resolve any damage caused?
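The breach-checking tools mentioned above need to answer "has this password appeared in a breach?" without the user sending the password itself to the service. The following Python script is an added example, not code from the original article nor from any real checking service: it models the k-anonymity range lookup popularised by the Have I Been Pwned "Pwned Passwords" API, where the client sends only the first five hex characters of the SHA-1 hash and compares the returned suffixes locally. The breach corpus, the example passwords and the function names are all constructed for this illustration.

```python
import hashlib

# Constructed stand-in for a breach corpus. A real service indexes hundreds of
# millions of leaked password hashes; three entries are enough to run offline.
CONSTRUCTED_BREACH_CORPUS = {"password", "letmein", "qwerty123"}

# Length of the hash prefix that leaves the client. 16**5 = 1,048,576 buckets,
# so one prefix matches many unrelated passwords and reveals little on its own.
PREFIX_LEN = 5


def sha1_hex(text: str) -> str:
    """Upper-case hex SHA-1, the hash form the range lookup is built on."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Server side: group leaked hashes by their 5-character prefix."""
    index = {}
    for pw in corpus:
        digest = sha1_hex(pw)
        index.setdefault(digest[:PREFIX_LEN], []).append(digest[PREFIX_LEN:])
    return index


def range_query(index, prefix):
    """Server side: return every suffix sharing the prefix (may be empty).

    The server only ever sees the prefix, never the full hash or the password.
    """
    return list(index.get(prefix, []))


def client_prefix(password: str) -> str:
    """Client side: the only value that is transmitted."""
    return sha1_hex(password)[:PREFIX_LEN]


def is_breached(password: str, index) -> bool:
    """Client side: fetch the bucket for our prefix and match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return suffix in range_query(index, prefix)


if __name__ == "__main__":
    idx = build_range_index(CONSTRUCTED_BREACH_CORPUS)
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", "breached" if is_breached(candidate, idx) else "not found")
```

The point a defender should take from this: the service learns which of roughly a million buckets the user's hash falls into, but not which entry in that bucket (if any) is the user's. The same index-and-compare shape is what an organisation can use internally to reject newly chosen passwords that appear in known breach lists, which addresses the "obvious or common passwords" problem discussed later in this article.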

What is a data breach?

A data breach is when an unauthorised agency manages to access the protected, sensitive, or confidential data of an organisation. This might not always be to steal the data; in some cases it can be simply copied or viewed.

Breaches can be catastrophic for businesses. Allowing company data to be stolen leads to crimes such as identity theft, particularly when customer data including credit card numbers is the subject of the breach, or corporate espionage, where valuable plans, designs or other intellectual property are accessed by the unauthorised party.

A breach usually goes through the following three stages:

  1. Probing – the unauthorised party seeks out vulnerabilities in an organisation’s security system. Such weaknesses will not always be systems-based. Lax passwords or password sharing is a common form of human error that can lead to breaches.
  2. Penetration – next, the unauthorised party enters the organisation’s network using one of the vulnerabilities they have discovered. Often this will be through inadequate security placed on routers and other connection devices. There are also instances where staff members and employees can be exploited. Blackmail or even the promise of a share of criminal gains can be used as leverage to get people to help an unauthorised agency gain access to a network.
  3. Extraction – once the criminals are inside a network, the final act is for them to extract the organisation’s data. This could be copying it over the internet, putting it onto an external device or even simply viewing the data and copying it out in the old-fashioned way, by hand.

How do breaches occur?

Data breaches can originate from a number of sources. Although cybercrime and hacking are the top method of network penetration, this is not the only way that unwanted visitors are forcing their way into networks. According to a report by Verizon, one of the world’s top security and GDPR compliance companies, the top six methods of breaking into networks are:

Physical Actions

This is when individuals are careless with company data. It could be the theft of paperwork with credit card numbers written down on it or a laptop stolen from the back of a car.

Privilege Problems

These breaches happen when workers either knowingly or mistakenly access data that they shouldn’t see or be able to alter. It can also be when authorised individuals abuse their power to access data and pass it on to criminals.

Social Engineering

Increasingly, attacks are coming from criminals pretending to be banks, clients, auditing agencies or even law enforcement. This kind of con trick uses the trust of workers to gain entry to networks. It also covers email and other electronic communication scams such as phishing, where people pretend to be a provider that the organisation already uses.

Human Error

No matter how many preventative measures are put in place, businesses still suffer from people sending emails to the wrong address, using obvious or common passwords or misconfiguring data stores so that there is no protection at all.

Malware

The internet is awash with bots and spy programs that can access networks with little to no human help. Although this dangerous software can cause breaches, Verizon found that the main problem for businesses was actually ransomware, which has become an increasing issue for everyone in recent years.

Hacking

Individuals or groups making concentrated efforts to access networks are still the top danger to organisations. These parties may make use of other problems in this list, such as social engineering, malware and human error, to gain access, but once inside they have the power to cause severe damage.

What are the consequences of a data breach?

Needless to say, all the effects of a data breach are bad for the organisation concerned. In the first instance, the ICO (Information Commissioner’s Office) can fine you under the GDPR regulations. The maximum penalty is 20 million euros or 4% of annual global turnover.

When the dust has settled on the fine, the next problem is the reputational damage caused by the breach. Even if the intrusion was incredibly complex, the perception amongst the public will be that the breached organisation suffered from lax security and inadequate countermeasures.

Most customers will move away from a business that cannot keep their data safe. No one likes confidential information like health records getting out there into the public space. However, if the bank records and credit card numbers of customers are stolen then these individuals will have to take rapid action to avoid identity theft and this is likely to destroy any previous relationship with the organisation.

What to do if your company suffers a data breach

If your company suffers a data breach then the most important next step is to stay calm. Several experts offer their opinions in this article from Digital Guardian, and we would suggest that you consider the following simple checklist:

  1. Determine what was accessed and taken – task your IT experts and support people with immediately evaluating what data could have been stolen from the business, and the vulnerability exploited by the criminals to get into your network.
  2. Change all passwords – and router configurations. Make sure that no login credentials anywhere remain the same as they were prior to the attack.
  3. Be honest and direct with customers and press – once you have an idea of what’s happened and the people the breach has impacted, let the press know if necessary and start to contact anyone whose data may be part of the breach.
  4. Contact any banks or financial institutions – as most breaches have a financial nature, it is also best to contact all the banks and credit issuing authorities connected with your data. This way they can stop or cancel transactions that appear fraudulent.

How can I avoid a data breach?

One of the most efficient ways of preventing data breaches is ISO 27001 certification. This information security management system standard allows businesses to build a strong protective policy in all areas – from paper document disposal through to IT passwords and architecture.

Thanks to its consistently evolving framework, it allows organisations to effortlessly take on new ideas and implement them at speed. As an example – when patches come out to remove weaknesses in software and operating systems, ISO 27001 gives support teams the procedural basis to get updates rapidly installed.

Find out more about ISO 27001 with our free online course. This has been specifically created by the British Assessment Bureau to provide insight into certification and how it could potentially benefit your business.

Written by Elizabeth Sheldon

ISMS Scheme Manager - Experienced Senior Lead Auditor with a demonstrated history of working in the information services industry. Skilled in ISO 27001, ISO 9001, ISO 14001 and ISO 45001.