FightCybercrime.org

Recognize, report and recover from cybercrime.

Data Breach

A data breach occurs when an organization's systems are compromised, allowing attackers to access sensitive data. Find out how to recover if your business is impacted.

Get Started Report Cybercrime
Home » Scams » Business Scams » Data Breach

The Basics of Business Data Breaches

A data breach is a security incident in which information is accessed or stolen by unauthorized individuals. Data breaches can occur when personal data is exposed, either online or offline. They can also occur when an organization’s systems are compromised, allowing attackers to access sensitive data.

Data breaches can have a devastating impact on businesses. They can damage an organization’s reputation, lead to financial losses and cause customers to lose trust in the company. In some cases, data breaches can also result in legal action being taken against the organization.

5 Ways Data Breaches Occur
  • Exploiting vulnerabilities: Cybercriminals can exploit weaknesses in systems or networks to gain access to sensitive data.
  • PhishingPhishing is a type of social engineering attack that involves tricking people into disclosing sensitive information, such as login credentials or credit card numbers. Attackers will often use email or instant messaging to impersonate a trusted entity and lure victims into clicking on a malicious link or opening an attachment.
  • MalwareShort for malicious software, malware is any type of code or program that is designed to damage, disrupt or gain unauthorized access to a computer system.
  • Brute force attack: A brute force attack is a type of cyber attack in which an attacker tries to guess passwords or passphrases in order to gain access to a system.
  • Physical theft: In some cases, data breaches can occur through physical means, such as when laptops or other devices containing sensitive information are stolen.
Risks Associated with a Data Breach

Data breaches can cause a variety of problems, including:

  • Financial Losses: A data breach can result in direct financial losses for a company, including the cost of notifying customers or employees, investigating the breach and providing credit monitoring services.
  • Legal Action: A company that suffers a data breach may also be subject to legal action. In the US, for example, a company that experiences a data breach may be subject to lawsuits under state and federal laws such as the Fair Credit Reporting Act.
  • Regulatory Action: A company that suffers a data breach may also be subject to regulatory action. In the US, for example, the Federal Trade Commission has taken action against companies that have experienced data breaches.
  • Damage to reputation: A data breach can also damage a company’s reputation, even if the company is not legally liable for the breach. Customers may be less likely to do business with a company that has experienced a data breach, and investors may be less likely to invest in a company with a damaged reputation.

Step 1:Recognize

Red Flags of a Data Breach

If your business has experienced a data breach, there are several warning signs that you should be aware of. These warning signs can help you determine if your business is at risk for further damage and can also help you take steps to prevent future data breaches.

  • Unexplained decreases in sales or web traffic: If you notice a sudden decrease in sales or web traffic, it could be a sign that your customer data has been compromised.
  • Unexpected changes in financial data: If you see unexpected changes in your financial data, it could be a sign that your business’s accounts have been hacked.
  • Unusual activity on your website: If you notice unusual activity on your website, such as increased traffic from unfamiliar IP addresses or strange user behavior, it could be a sign that your site has been compromised.
  • Employee complaints: If you start to receive complaints from employees about being unable to access company data or systems, it could be a sign that your business has experienced a data breach.
  • Mystery charges on your credit card: If you notice charges on your credit card that you don’t recognize, it could be a sign that your business’s financial information has been compromised.

Step 2:Immediate Actions

Data breaches can be extremely damaging to your business and your customers, so it is important to take action immediately. There are a few things you can do to try to mitigate the damage:

  • Work with law enforcement to investigate the breach.
  • Reach out to an attorney or legal organization for assistance when notifying customers or partners that their information may have been exposed. They will have the most up to date information on applicable state and federal laws.
  • Determine how the breach occurred. Was it a result of a cyber attack or an inside job? Once you know how the breach occurred, you can take steps to prevent it from happening again.

Step 3:Report

Reporting any type of cybercrime, including a data breach, is imperative to help others avoid being scammed. As a society, the more people that report online scams and fraud, the more national reporting data that is collected, and the better chance law enforcement has to catch the criminals and decrease cybercrime.

Report to FBI

Step 4:Recover

How to Protect Your Business from Future Data Breaches

There are steps you can take to protect your business and your customer’s data from future data breaches. Here are some tips:

  • Implement a strong password policy. Employees should use strong passwords that are difficult to guess. They should also never reuse passwords across different accounts.
  • Encrypt sensitive data. This makes it much more difficult for hackers to access and read the data.
  • Keep all software up to date. Hackers often exploit vulnerabilities in old software versions to gain access to systems. By keeping software up to date, organizations can close these security holes.
  • Back up your data regularly. Store your backups offline, so they can’t be encrypted by ransomware.
  • Don’t open email attachments from unknown senders and don’t click on links in email messages from unknown senders.
  • Don’t download software from untrustworthy websites. Only download software from websites you trust.
  • Use a security suite that includes anti-malware protection. A security suite can protect your computer from ransomware and other malware.
  • Educate your employees about cyber threats. Search for free cybersecurity training videos on YouTube.
  • If you have the budget, consider investing in cybersecurity training for your employees to educate them about threats, and what they can do to help protect themselves and the business from cyber attacks.
  • Instruct your employees to report anything suspicious to you or their supervisor.
  • Have a plan in place for what to do in the event of a data breach, so you can quickly contain the damage and minimize the impact on your business.

Take 5 Steps for Better Online Security

It’s important to strengthen your business’ online security to help avoid all cyber attacks. Take action to improve your digital posture by following these steps:

  1. Implement Multi Factor Authentication (MFA): Passwords are generally easy for scammers to crack, and even if you use strong passphrases, there’s still the possibility that a cybercriminal can obtain your passphrase in a data breach. Implementing MFA is a great way to maximize your security and ensure that you are the only one who can gain access to your accounts. MFA should be implemented on all accounts where it is available. Check your account’s security settings to see if it is something you can set up.
  2. Update Your Privacy Settings: Privacy settings allow you to control your personal information (name, address, phone number, date of birth, financial details, photos or videos, etc) and how that information is used. Review your privacy settings on all of your accounts including your social media accounts. Consider restricting who can see your friends list, contacts, photos and posts.
  3. Activate Automatic Updates: Automatic updates are a set of changes to an app, software or operating system that are automatically pushed by the developer to fix or improve it. Oftentimes, cybercriminals take advantage of security flaws to plant malicious software on your devices. By activating automatic updates, you will automatically patch security vulnerabilities to protect your data.
  4. Create Strong Passphrases: A strong passphrase is a string of unrelated words separated by hyphen, space, period, capitalized first letter or number. Use passphrases that are longer than 15 characters and include multiple words that do not have any obvious connection between them. The key to passphrases is randomness. Don’t repeat your passphrases between accounts and consider using a password manager to help you remember.
  5. Learn the Elements of a Phishing Attempt: Familiarize yourself with the elements of a phishing email. Phishing emails tend to include a sense of urgency and multiple grammar and spelling errors. If they are asking you to reveal personal information, be suspicious. If you get a strange email, try contacting the company another way to confirm they sent that email. If the email is suspicious, mark it as spam.

TestimonialHear from Other Victims

Without Fightcybercrime.org, I don't know if I would have been able to react as quickly to protect my personal information.
Mary - Indianapolis, IN

Latest News

The latest and greatest from our blog.

> Protecting Customer Data: A Guide for Small Businesses

Protecting Customer Data: A Guide for Small Businesses

A data breach can have devastating impacts on your customers. Find out 10 steps you can take to protect your customer data.

Read Full Article
> Small Businesses Are a Cybercrime Target, and Verizon’s DBIR Has the Data to Prove It

Small Businesses Are a Cybercrime Target, and Verizon’s DBIR Has the Data to Prove It

This year, we collaborated with Verizon on their annual Data Breach Investigation Report (DBIR). Discover how your business can be impacted by cybercrime and what to do about it.

Read Full Article
> Data Breach: How to Recognize One and What to Do

Data Breach: How to Recognize One and What to Do

A data breach can have a devastating impact on your business. Find out how to recognize, report and recover from a data breach.

Read Full Article

Branding