A data breach is a cyber attack that exposes confidential, private, or protected information to someone who is not authorized to access it. Attackers can steal information from companies or organizations to make a profit by selling it, using it for blackmail, or committing identity theft in order to access a victim’s financial accounts and other services. Attacks can also be devastating to a company’s reputation and cause the loss of loyal customers.
The largest data breaches often involve personal information, including names, addresses, and credit card numbers. Attackers can also steal passwords, security questions and answers, and email logins.
While data breaches occur at a wide variety of businesses, small and midsize businesses can be especially vulnerable. They may suffer from financial losses, regulatory fines and penalties, and a damage to their reputation that can drive away loyal customers.
When a data breach occurs, it’s important to take immediate action to prevent escalation of the situation. Start by collecting all available evidence regarding the leak. For example, speak with the individuals who recognized the breach, check your cyber security tools, and assess data movements within your servers and network devices.
Once the forensic reports are in, determine how you’ll notify consumers. Some states require a specific timeline for notification. Others require a risk of harm assessment. Consider whether you’ll only notify consumers via electronic or paper channels. You may want to post a website where you’ll keep people updated about the incident, which can also help them avoid phishing scams and other malicious online activities.