What is a data breach and how do I help prevent one?

A data breach is an incident that exposes confidential or protected information. These cyberattacks might involve the loss or theft of your Social Security number, bank account or credit card numbers, personal health information, passwords, or email accounts.

A data breach can be intentional or accidental. A cybercriminal may hack the database of a company where you’ve shared your personal information, or an employee at that company may accidentally expose your information on the internet. Either way, criminals can access your key personal details and profit from them at your expense.

As technology evolves, the number of cyberattacks also increases. Retailers, hospitals, corporations, government offices, and colleges have all been targets of data breaches. Larger companies continue to be the target of these cyberattacks because cybercriminals can steal large amounts of data at once.

But how do data breaches happen and how can you prevent them?

In this article, you’ll learn about:

• How data breaches happen
• The biggest data breaches of the decade
• What you can do to help stay safe

How does a data breach happen?

It might feel like cybercriminals keep coming up with new ways to steal data. But do they? The 2022 Verizon Data Breach Investigations Report identified nine “patterns” that criminals use. The pattern remains consistent year after year—in 2022, over 422 million people were affected by data compromises, including data breaches.

But how does a data breach happen? 

Insider and privilege misuse

Company insiders know the value of information, and sometimes they steal it. They might sell it or use it to start a new company.

Physical theft and loss

A laptop left in a hotel lobby can be used to breach protected information. However, breaches could also still involve paper documents. The loss of physical assets can be deliberate or accidental.

Denial-of-service

These attacks target networks and systems. Distributed denial-of-service (DDoS) attacks often target large organizations by flooding and overloading systems to disrupt service.

Crimeware

Crimeware includes various types of malware—short for malicious software—or social engineering attacks. 

Specifically, criminals might use:

• Ransomware: This kind of malware holds computer files hostage until the victim pays to unlock them—though even then they might not get unlocked.
• SQL injection: In this type of attack, a hacker inserts arbitrary code into an online user web form. If the form isn’t handled properly when passed through the backend database, it can corrupt the website.
• Phishing attempts: Phishing is a type of social engineering attack in which the cyberthief poses as a trusted source and contacts the victim through email, phone call, direct chat, or text message. The goal is to trick the victim into installing malware or sharing personal information, such as bank account info or passwords.

Web application attacks

When you sign up for a web application, you often share personal details. Attackers steal data such as names, addresses, and other information and use them elsewhere.

Payment card skimmers

Criminals can place a skimming device on a credit card reader to steal personal and financial information. 

Two popular targets include:

• ATMs
• Gas pump terminals

Cyber-espionage

Cyber-espionage involves a malicious email linked to state-affiliated actors. The goal is to pierce a system and steal information over time.

Point-of-sale intrusions

Remote attacks target point-of-sale terminals and controllers. Restaurants and small businesses have seen increased assaults in recent years.

Other ways data breaches happen

This pattern has variety. Lately, it includes compromised email accounts, where a cyberthief posing as the company CEO might order an employee to wire transfer funds for a believable reason. When someone in company finance follows the bogus directive and wires money to a criminal’s account, it can have devastating results.

The biggest data breaches of the decade

While hundreds of data breaches have affected consumers around the world, some of the most notable have occurred in just the last few years and involve the exposure of sensitive information, despite cybersecurity efforts aimed at data protection.

T-Mobile

In May 2023, T-Mobile announced that a hacker revealed the names, phone numbers, and PINs of more than 800 customers. T-Mobile experienced another breach in January 2023, where hackers accessed the data of over 30 million customers.

Capital One

In July 2019, Capital One reported that an unauthorized user broke through its security measures and accessed 140,000 U.S. Social Security numbers, 80,000 linked bank account numbers, and approximately 1 million Canadian Social Insurance Numbers. The breach affected 106 million credit card customers in the U.S. and Canada.

Marriott

In November 2018, hotel chain Marriott International said it had been hacked through the Starwood guest reservation database. The personally identifiable information of about 383 million guests may have been compromised, including names, phone numbers, email addresses, birthdates, and passport numbers.

Equifax

The Equifax data breach, which impacted more than 145 million American consumers, was disclosed in September 2017. Names, Social Security numbers, birthdates, driver’s license numbers, and approximately 200,000 credit card numbers—details that could be used to commit fraud—were exposed in the breach.

Anthem

In 2015, external hackers gained unauthorized access to healthcare company Anthem and stole a trove of sensitive information impacting roughly 80 million customers.

Yahoo

On a global level, Yahoo disclosed two data breaches in 2016, showing how a mountain of personal information can land in the hands of cyberthieves. Combined, the breaches of the online portal affected 1.5 billion user accounts.

Additional data breach facts

The pace of data breaches remains brisk, with dozens of high-profile cybercrimes reported in the past year. The Identity Theft Resource Center ranked 2022 as a record year for data breaches. 

The San Diego-based nonprofit recorded 1,802 U.S. incidents, which is only 60 attacks short of the previous year. In 2022, over 10 million people were impacted by supply chain attacks. There were 41.5% more victims impacted in 2022 than the previous year.

What can criminals do with the data they steal?

Cybercriminals don't just hold onto the information they access—they may find ways to exploit it for personal gain. 

Here are a few examples of what criminals do with the data they steal:

• Open and use new credit cards under your name.
• Withdraw money from your banking or investment accounts.
• File a tax return in your name and take the tax refund.
• Get medical treatment using your health insurance. 
• Apply for government benefits.
• Open utility or telecom accounts.
• Steal and use your credit card rewards, such as airline miles. 

Criminals can also sell your information on the dark web. According to Experian, Social Security numbers might go for $1 each, a credit card number could sell for up to $110, and a U.S. passport might fetch up to $2,000.

How can you protect your personal data?

It’s always smart to try to keep your data safe. It’s not uncommon to provide personal information to your bank, employer, doctor’s office, and even favorite restaurant. All of these businesses have a responsibility to keep your personal information secure, but that doesn’t always happen.

You can take steps to strengthen your personal defenses against the damage that could result from your data being breached. Here’s a partial checklist:

• Shred documents so it’s harder to trace the information.
• Use secure websites that have secure URLs and trust seals, or use a website safety checker. 
• Don’t share your Social Security number unless absolutely required.
• Create strong, secure passwords using uppercase and lowercase letters, non-sequential numbers, and special character symbols.
• Use different passwords on every different account. This can help minimize the damage if one of your account passwords is exposed or compromised.
• Make sure your computers and mobile devices are running the latest versions of operating systems and applications.
• Frequently monitor your transactions online and your monthly financial account statements to make sure transactions are accurate.
• Regularly check your credit reports to confirm that identity thieves haven't opened credit card accounts or loans in your name.

How can you recover if your data is exposed?

If you've been affected by a data breach, take these steps right away.

1. Find out what kind of data was stolen	U.S. companies are required to notify customers if their information was breached If you get this type of notification, try to pinpoint which accounts might be compromised and consider accepting whatever help the company offers This may include free credit monitoring
2. Contact your financial institution	Whether it's your credit card issuer or your bank, discuss the next steps Consider changing your account numbers, disputing or canceling fraudulent charges, and setting up fraud alerts
3. Change and strengthen your passwords on all accounts	Even accounts that weren't breached might be compromised later, especially if you've been using the same passwords A password manager can help you create strong passwords, keep them safe, and let you access them when needed
4. Check your free credit reports	Visit AnnualCreditReport.com to request your annual free credit report from each credit bureau and review them for errors and fraud, such as new accounts you didn't authorize Consider freezing your credit files to stop anyone from opening new accounts in your name Remember, you'll have to lift the freeze if you need to open new accounts later
5. Look for suspicious activity	Monitor your accounts and look for suspicious activity This may include charges or withdrawals you didn't make or new accounts that appear on your credit report

Help protect your data with LifeLock

It’s important to take steps to help protect your personal information. It’s also important to realize what happens when you share personal information—you likely have little control over how your information is secured or what could happen to it in the event of a data breach.

But in the event of data exposure as a result of a breach, you can turn to Norton’s LifeLock Standard Membership. Members will receive several features including:

• Privacy monitor: Helps reduce public exposure of personal information by scanning common people-search websites.
• Dark web monitoring: LifeLock patrols the dark web and notifies you if we locate your information.
• Identity and Social Security Number alerts: We monitor for any fraudulent or suspicious use of your SSN, name, address, or date of birth in credit applications and services.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.