What is a data breach?

A data breach occurs when sensitive or confidential information is accessed, disclosed, or stolen by an unauthorized person or entity. Information typically targeted in a data breach includes personal data, such as names, addresses, phone numbers, Social Security Numbers, financial data, credit card numbers, login credentials, and other confidential information.

The source of a data breach can be manifold, occurring due to cyber-attack, unresolved vulnerabilities, insider threat, misconfiguration of systems, or even simple human error.

Data breaches can cause significant harm to individuals and organizations, including identity theft, financial loss, reputational damage, and legal consequences. Organizations that experience data breaches may also face regulatory fines and penalties, as well as loss of customer trust and loyalty.

What responsibility do organizations have when a data breach occurs?

Depending on many factors, including the data affected by a breach and where the organization conducts operations, there are specific regulatory requirements that govern an organization’s responsibility after detecting a data breach. 

In the United States, for example, individual states have specific disclosure requirements on the books. Organizations conducting business in the EU must comply with the EU General Data Protection Regulation, or GDPR, and many other nations around the world have similar regulations in place.