Data breach

A data breach occurs when sensitive, confidential, or protected information is accessed, disclosed, or stolen by an unauthorized party. This could involve personal data (like names, Social Security numbers, or passwords), financial details, medical records, or proprietary business information. Data breaches can result from cyberattacks, employee negligence, or system vulnerabilities—and often lead to financial losses, legal consequences, and reputational damage.

About Data breach

What’s the difference between a data breach and a data leak?

Though often used interchangeably, data breach and data leak describe two different scenarios:

  • A data breach is usually the result of a deliberate action—such as hacking, phishing, or malware—that allows unauthorized access to data.
  • A data leak, on the other hand, typically refers to data that is accidentally exposed due to misconfigurations or human error (e.g., a public S3 bucket or unprotected database).

In short:

Breach = forced entry

Leak = accidental exposure

Both put sensitive information at risk, but breaches often have more severe legal and regulatory implications.

What are the types of data breaches?

Data breaches come in various forms, including:

  • Hacking and malware attacks – Exploiting software vulnerabilities to access systems
  • Phishing and social engineering – Tricking users into revealing credentials or access
  • Insider threats – Disgruntled or negligent employees stealing or exposing data
  • Lost or stolen devices – Laptops or drives containing unencrypted sensitive data
  • Physical breaches – Unauthorized access to data centers or offices
  • Cloud misconfigurations – Improperly secured cloud services exposing data publicly

The method may vary, but the impact can include identity theft, regulatory fines, and business disruption

What counts as a data breach?

A data breach is generally considered to have occurred when:

  • Personal or confidential data is accessed by someone who shouldn’t have it
  • Information is copied, transmitted, stolen, or used without authorization
  • A system or database is compromised and data is at risk of exposure

Under laws like the GDPR, CCPA, and others, organizations must often notify affected users and regulators within a set time after discovering a breach.

Examples include:

  • A hacker stealing customer credit card numbers
  • A healthcare worker emailing patient records to the wrong recipient
  • A company accidentally posting internal documents online

If data that’s protected by law or considered sensitive is exposed—it likely qualifies as a breach.

Secure verifications for every industry

We provide templated identity verification workflows for common industries and can further design tailored workflows for your specific business.