Data Breach: Examples, Causes, and How to Prevent the Next Breach

What Is a Data Breach?

A data breach occurs when a threat actor gains unauthorized access to protected data, usually as part of a cybersecurity attack. After gaining access to the data, a threat actor may attempt to steal, disclose it, or extort the data owner.

A data breach can occur in any organization, including small businesses and enterprises. It may affect various types of confidential information, such as trade secrets, personal health information (PHI), and personally identifiable information (PII).

Organizations handling and storing personal data are responsible for protecting it. If threat actors gain unauthorized access to this data and view or steal it, the organization is held accountable by laws and regulations governing data protection. The negative consequences of a data breach can include business disruption, fines, reputation loss, and legal exposure.

What Are the Consequences of a Data Breach?

According to the IBM Cost of a Data Breach report, the average cost of a data breach in the US is $4.24 million. Many organizations are suffering from the surge in cybercrime, especially the growth in ransomware attacks.

The actual cost extends beyond the immediate business disruption and technical remediation burden. Additional factors that push up costs include legal penalties, lower productivity, and reputational damage. Organizations may lose customers and investors after a breach, and regulatory bodies may require them to pay hefty fines.

The cost of data breaches is at a record high and will likely continue to rise. The impact of a data breach is especially significant in the healthcare sector, where patient confidentiality is an obligation. Across industries, the largest single factor contributing to the cost of a data breach is the lost revenue resulting from lower customer retention and recruitment rates.

During an attack, systems cannot process data or provide services to customers, resulting in business losses until the organization can repair them. Time is also an important factor: undiscovered vulnerabilities cause more damage the longer they remain unaddressed, because attackers have more time to exfiltrate data.

Examples of Recent Data Breach Attacks

Here are examples of recent, highly publicized data breaches:

  • Log4Shell exploit, 2021—a critical remote code execution (RCE) vulnerability was discovered in the popular Java logging library Log4j. It could allow an attacker to take complete control of a system running Log4j without any user intervention. According to reports, there were probably millions of attempts to exploit the vulnerability, which affected the world’s biggest organizations across all industries.
  • Kaseya, 2021—an unknown perpetrator broke into Kaseya's network and distributed ransomware to at least three Managed Service Providers (MSPs) that use Kaseya products. As a result of this supply chain attack, the ransomware spread to between 800 and 1,500 small to medium-sized customers of those MSPs.
  • Facebook, 2021—a data breach exposed the personal information of more than 533 million Facebook users to hackers, including real names, dates of birth, current cities, and posts published on Facebook walls. The vulnerability was discovered by White Hat Security in 2021 but had been present since 2019.
  • JBS, 2021—the world's third-largest meat processor was attacked by ransomware. As a result of the attack, hundreds of beef and chicken processing plants on four continents experienced prolonged downtime.
  • Sina Weibo, 2020—the Chinese microblogging site reported that attackers had gained access to parts of its database, exposing the data of 538 million Weibo users, including personal information such as real names, usernames, locations, and phone numbers. The attackers sold the database for $250 on the Dark Web.
  • Avast, 2019—hackers compromised employees' VPN credentials with the goal of injecting malware into Avast products. The attack was discovered before it led to a full-scale breach.

Common Causes of Data Breaches

Weak and Stolen Credentials

Compromised passwords are a common cause of data breaches. Many users rely on common phrases for passwords or reuse the same password across different accounts. Attackers can easily compromise these passwords, and once they obtain one, they gain access to every account owned by the same user that reuses it.

Organizations should enforce strong password policies and require multi-factor authentication for all sensitive systems and data. Many organizations are transitioning to passwordless authentication, which eliminates the serious security risks associated with weak passwords.

Application Vulnerabilities

At some point, most software products will experience a security vulnerability that exposes them to cyber attacks. Software vendors regularly discover vulnerabilities, or are informed about them by security researchers, and attempt to remediate them before criminals can exploit them.

Whenever a vulnerability is fixed, the software vendor releases a patch or a new version. All organizations using the software, as well as their employees and third-party vendors, must apply the patch as soon as possible, because attackers actively seek out systems that have not yet been patched.

Malicious Insiders

Many employees have access to sensitive information, and there is always the possibility that one of them will try to misuse it. Malicious insiders can have different motives, including financial gain, emotional challenges, or a desire for revenge.

Insider threats are extremely difficult to detect using traditional security techniques, because malicious insiders have legitimate access to corporate systems. However, new security technologies such as behavioral analysis make it possible to identify suspicious behavior by existing user accounts, which may indicate an insider threat.

Malware

Malware is malicious software that attackers attempt to deploy on a target system, usually via social engineering (tricking users into clicking malicious links or attachments) or by exploiting software vulnerabilities. Malware can compromise credentials or steal data from a victim’s device, encrypt and destroy files on the device, or do other types of damage. Many types of malware can spread rapidly to infect an entire network or environment.

Social Engineering

Social engineering is an attempt by an external attacker to trick users into divulging sensitive information or performing actions that violate security policies. The vast majority of cyber attacks leverage social engineering, because users are typically the weakest link in an organization’s cybersecurity defenses. Social engineering techniques include phishing, baiting, pretexting, and scareware.

4 Ways to Prevent a Data Breach

1. Vulnerability Assessments

Organizations should regularly assess their systems to identify vulnerabilities and associated risks. These assessments help determine if the established security policies require updates, strengthening the overall security strategy.

2. Implementing Least Privilege

When implementing an Identity and Access Management (IAM) system, organizations should apply the principle of least privilege to ensure that each user only has the necessary access permissions. Maintaining least privilege access can be complicated, especially if the organization has many users with constantly changing roles. However, this security control is essential for ensuring that malicious actors (internal or external) cannot access sensitive data.

3. Data Backup and Recovery

Organizations should regularly back up their data and establish a recovery plan to restore their data after a breach. A backup and recovery plan helps ensure a faster response to minimize damage and prevent downtime. Administrators should regularly review the risk management, backup, and recovery policies to prevent attackers or ransomware from accessing backup data.

4. Penetration Testing

Penetration tests are simulated attacks in which ethical hackers identify vulnerabilities in computer systems, networks, or applications. Organizations may use third-party or in-house penetration testers to mimic an attacker’s techniques and determine how easily the system can be compromised.

Penetration tests are also useful for evaluating compliance with security regulations. Organizations use regular pentesting to identify vulnerabilities proactively before an attacker can exploit them.

Data Breach Prevention with HackerOne

The HackerOne continual security testing platform combined with the power of ethical hackers prevents data breaches by finding and fixing application flaws before cybercriminals do.

The hacker community surveils an organization's attack surface, looking for the vulnerabilities that are most likely to be exploited. With their experience, creativity, and tenacity they often find vulnerabilities that scanners miss. Hackers recognize the risk context and severity of misconfigurations that can lead to damaging and costly data breaches.

Even in organizations with large internal security teams and mature vulnerability management processes, hackers routinely find and fix a significant number of critical vulnerabilities, assuring that unintended flaws don’t become open doors for bad actors.