Data Breach is defined as a security violation, which involve Sensitive, Unauthorised and confidential Data to be copied, Transmitted, exposed, stolen by an unauthorised individual for the purpose of personal gain or Malicious intentions. Data Brach influence a wide range of impact ranging from an Individual to the Giant corporations and Governments. With the increase in User Dependence on Internet of things and the rapid evolution of technology, it is much easier to collect, process data. However, the ineffective information security or the security mechanism to protect information is vulnerable to Data Breaches.
“ISO/IEC 27040 defines a data breach as: compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed”
Personal Data Breachs expose millions of Personal details or billions worth of corporate details like Intellectual property details and government data. Data Breach can happen from internal or external. It directly or indirectly cost great expense for organisations dealing with high volumes of data. Much of the data breach may not have any effect or likely to be mitigated with low amount of damage. However, some data breach may cost huge burden for some Organisations. Till date yahoo data breach in 2016, was the most expensive data breach with costing nearly $1 Billion.
“The cost of cybercrime continues to climb; it’s expected to double from $3 trillion in 2015 to $6 trillion by the end of 2021 and grow to $10.5 trillion by 2025. The average cost of a single data breach in 2021 was $4.24 million, a 10% jump from 2019, according to Deloitte”
With the increase in technology and altering user behaviour with evolving IOT, Information security has become a Substantial affair. Data breaches can be classified by amount of user information leaked; Value of Information leaked etc. Healthcare, energy, banking, utilities are some of the industries which are mostly affected with Data Compromises. The top 10 Data Breaches of 2021 are:
Around 700 million LinkedIn user data was compromised in June 2021. This was Second Data Breach in LinkedIn after 2012 where 200 million users’ data was leaked.
In April 2021, nearly 533 million Facebook user data has been compromised containing usernames, passwords, locations etc.
3. Social arks
In January 2021, around 200 million user data has been breached from this Chinese social media agency through its unsecured Elasticsearch database. The scrapped data was mostly non encrypted and not password protected.
This Men’s clothing brand suffered a data breach in January 2021 compromising 12.3 million user data. The company claims that the data breach was targeted by cybercriminals through backup servers containing customers data.
125GB of sensitive data with potentially 7 million user data has been leaked from this company owned by Amazon. Unlike other data breaches, the data leaked from Twitch
was almost the entire twitch data code. Hence it may have impacted all of its users.
6. Neiman Marcus
This US based Retailer lost nearly 4.8 million user data information. Most of the data was banking details of the users.
7. Meet mindful
The Dating app lost nearly 2.28 million user data. Most of the data posted on dark web was primarily private information of the users.
Nearly 1.9 million user database of Pixlr was breached in January 2021.
9. Four Sports warehouse brands
The most recent data breach reported in 2021. About 1.8 million user data of four sports stores namely Tackle Warehouse LLC, Running Warehouse LLC, Tennis Warehouse LLC, and Skate Warehouse LLC were breached. Most of the Credit card details of customers were breached.
About 1.1 million user data of UK based Jewellery store was Breached. User data of high-end customers like Donald Trump, Saudi crown prince were leaked.
*Breach related information are taken from Public Sources
Points to consider
Most of the data breaches happen because of ineffective cybersecurity practices followed by the organisations dealing with data. In the past most data breaches have been unexposed or Concealed by the Data Fiduciaries. However, with the evolving strict data protection laws, it was made mandatory to notify any data breach and the measures taken by company to mitigate the damage.
Many organizations decrease the risk of a data breach by implementing a Privacy Information Management System (PIMS) to safeguard internal and external personal data stored by them. Privacy Frameworks based on Generally Accepted Privacy Principles and certification frameworks like ISO 27701 are becoming even more popular for organizations to adopt to.