A data breach is the intentional or unintentional release of secure, private or confidential information without the knowledge or authorization of the system’s owner. It is a major issue of the present day, and millions of people have already been affected. This type of cyber-attack and security breach is becoming more common. An attacker can physically access a computer or network to steal local files, or can bypass network security remotely. As a result, data breaches lead to the loss of millions and billions of private records and confidential information. They affect individuals as well as companies and organisations. Previously, the rules and regulations regarding personal data online were lenient.
However, with the coming of GDPR, the rules and regulations improved. Protecting any information of a user is now the priority. Companies also need to comply with the GDPR guidelines. Organisations that suffer a data breach need to publicly announce it. In addition, companies with a data breach also need to pay fines. According to GDPR, fines for a data breach go up to 4 per cent of annual turnover in any incident involving the data of a European Union citizen. To know more about GDPR, see: Important Facts About GDPR
A data breach is one form of cyber-attack. A cyber-attack is any type of offensive activity that targets computer information systems, infrastructures, computer networks or personal computer devices. Cyber-attacks usually originate from an anonymous source. The main aim of a cyber-attack is to steal, alter or destroy a specified target by hacking into an unprotected or susceptible system. With the advancement in technology, cybercrimes, cyber-attacks and data breaches are becoming more complex and dangerous.
Malware: Malware breaches a network through a vulnerability. If a user clicks a dangerous link or email attachment, it installs risky software. Once installed, malware can block access to key components of the network, covertly obtain information, disrupt the system and so on.
Phishing: Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine.
Man-in-the-Middle & Denial of Service: A man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties, while the parties believe that they are communicating directly with each other. A denial-of-service attack floods a network with useless traffic in order to bring it down.
Some other forms of cyber-attack include: SQL injection, zero-day exploits, syntactic attacks (viruses, worms and Trojan horses) and semantic attacks (modification and dissemination of correct and incorrect information).
Like every other year, 2018 had its share of data breaches and cyber-attacks. Here are some of the major ones:
The hacking of MyFitnessPal, a mobile app of Under Armour (a seller of fitness apparel), compromised 150 million accounts. Usernames, email addresses and passwords were stolen. However, financial data was unaffected.
A data leak from India’s national ID database, Aadhaar, made the information of billions of Indian citizens vulnerable. “An agent” sold software in which anyone could enter any 12-digit number and retrieve any type of information stored there. In addition, with further payment, a card printing facility was also available.
A Florida-based marketing and data aggregation firm left a database exposed on a publicly accessible server. While the exact number was not available, the breach exposed roughly 340 million individual records.
The political data firm Cambridge Analytica collected personal information of 50 million Facebook users via an app. Though the numbers are not certain, the estimate states that it is more than 87 million.
The data breach at Panera Bread resulted in the compromise of 37 million records, despite the company initially downplaying the severity of the breach and indicating that fewer than 10,000 customers had been affected.
On February 28, 2018, the version control hosting service GitHub was hit with a massive denial of service attack, with 1.35 TB per second of traffic hitting the popular site. Although GitHub was only knocked offline intermittently and managed to beat the attack back entirely after less than 20 minutes, the sheer scale of the assault was worrying; it outpaced the huge attack on Dyn in late 2016, which peaked at 1.2 TB per second.
While hackers and attackers are constantly looking for new ways to launch attacks, it is possible to protect against data breaches by simple means. It is therefore better to prepare and take measures to make things as secure as possible.
Here are some tips on improving security.