A personal data breach occurs when there's a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data processed. If this happens, the organisation holding the personal data must notify the supervisory authority without undue delay.
After paying off fines, the breached company also has to deal with reputational damage. Breaches have a massive negative impact on a company's customer base, particularly if the breach involved sensitive data. Customers lose confidence in the brand and don't feel that their data is secure.
Understanding hackers’ motives is important for developing strong data protection strategies. If you don’t know exactly why attackers want to steal your data, it’s difficult to plan effective measures for stopping them.
It’s important to understand exactly how a social media hack took place in order to prevent further attacks in the future. Here are the most common ways hackers access your account:
Data breaches like the recent theft of 3 billion accounts’ worth of data at Yahoo! are designed to steal personal information.
Attackers can then exploit that information to break into other accounts, attempt to steal identities and so on.
As an end-user, the best way to protect yourself against this threat is to avoid using the same password for multiple accounts, so that if an attacker steals your password for one service, they won’t be able to use it to break into another one.
For similar reasons, you should be careful about how you configure password recovery questions, which can do more harm than good.
Meanwhile, if you are an organization that is responsible for overseeing data that could be used for identity theft, you can mitigate the risk of identity theft by resisting the temptation to collect unnecessary personal information.
You can also spread data across multiple storage locations so that a breach of one data set does not provide attackers with complete account information.
And you should design strategic data retention policies. You want to store data for as long as you need (and make sure you meet compliance requirements in that respect), but avoid keeping it around longer than necessary, because unnecessary data storage is a security risk.
Servers and storage arrays are expensive. Some hackers want to break into your systems so that they can store data and host applications on your infrastructure, instead of paying for their own.
One way to mitigate the risk of this type of attack is to avoid exposing infrastructure to the public internet unless necessary. If hackers can’t see how much infrastructure you have, they’ll be less likely to want to take control of it.
Of course, firewalling off your internal infrastructure is no guarantee that hackers won’t still compromise it. They might find ways to get past your perimeter defenses. But as a best practice, your public-facing services should be limited to those that strictly need to be public-facing.
Unfortunately, some attackers want to steal your data just to prove that they can. They are not motivated by monetary gain, access to free resources or the ability to steal your users’ identities.
They simply want to prove to themselves – and their hacker friends, perhaps – that they can break past your defenses.
The greater your company’s reputation, the more tempting it is for attackers to show that they defeated your security measures.
There is no particular way to respond to these types of attackers. You simply need to follow data security best practices in general. Monitor your systems for signs of attack, lock down access control and avoid unnecessary attack vectors.