A data breach occurs when hackers steal personal information from your company or someone’s information is inadvertently exposed on your website. You might have to notify people whose data was exposed, and you should take steps to prevent similar breaches in the future.
If you do get a data breach, work with your forensics experts to investigate and remediate the situation. Check whether measures such as encryption were in place, and look at backup and preserved data. Examine who had access at the time of the breach, determine what they were doing and why, and restrict access if necessary.
Hackers often gain entry by exploiting security flaws in software, hardware, networks and servers. These holes are sought by criminals to shove malware into, which can then steal information. They can then use that information to commit fraud, blackmail or other attacks.
In one of the most recent breaches, hackers gained access to genetic data from 6.9 million 23andMe users. This information, including family trees and DNA data, is unique, making it a high-profile target for bad actors. It was also one of the largest collections of personal information ever publicly compiled, and it allowed criminals to carry out social engineering attacks and financial fraud.
When a person’s personal information is compromised, they can suffer distress or even financial loss. If they have authorised someone to act on their behalf, like a carer or parent, that individual should be notified as well.