What is a data breach?

A data breach occurs when sensitive or confidential information is accessed, disclosed, or stolen by an unauthorized person or entity. Information typically targeted in a data breach includes personal data, such as names, addresses, phone numbers, Social Security Numbers, financial data, credit card numbers, login credentials, and other confidential information.

The source of a data breach can be manifold, occurring due to cyber-attack, unresolved vulnerabilities, insider threat, misconfiguration of systems, or even simple human error.

Data breaches can cause significant harm to individuals and organizations, including identity theft, financial loss, reputational damage, and legal consequences. Organizations that experience data breaches may also face regulatory fines and penalties, as well as loss of customer trust and loyalty.

What responsibility do organizations have when a data breach occurs?

Depending on many factors, including the data affected by a breach and where the organization conducts operations, there are specific regulatory requirements that govern an organization’s responsibility after detecting a data breach. 

In the United States, for example, individual states have specific disclosure requirements on the books. Organizations conducting business in the EU must comply with the EU General Data Protection Regulation, or GDPR, and many other nations around the world have similar regulations in place.

Related Topics
NIST
ISO 27001
Critical assets
Security operations

Stay Connected

Subscribe to the latest JupiterOne news

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Recommended resources

Datasheet
CSPM Datasheet | JupiterOne + AWS
Report
The 2023 State of Cyber Assets Report
Datasheet
CAASM Datasheet | JupiterOne
Report
Forrester | Total Economic Impact of JupiterOne
eBook
The Cyber Defense Matrix
Video
CEO Erkang Zheng answers 5 critical cybersecurity questions for organizations