A data breach is any incident where confidential or sensitive information has been accessed without permission. Breaches are the result of cyberattacks where criminals gain unauthorized access to computer systems or networks and steal the private, sensitive and/or confidential personal and financial data of the customers or users contained within. The U.S. Department of Justice defines a breach as “the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, access for an unauthorized purpose, or other unauthorized access, to data, whether physical or electronic.” Our law firm views breaches as events which usually would not have happened but for inadequate cyber security protocols. With the advent of cloud computing and increased digital storage, data breaches are more prevalent now than ever, often impacting millions of consumers in just one attack on a company, and whereby cybercriminals can access any of the following:
- Customer or patient names
- Telephone numbers
- Email addresses
- Medical health records
- Credit Card numbers and security codes
- Banking and other financial information
How Do Data Breaches Occur?
A data breach occurs when a cybercriminal infiltrates a data source and extracts confidential information. This can be done by physically accessing a computer or network to steal local files or by bypassing network security remotely. While most data breaches are attributed to hacking or malware attacks, other breach methods include insider leaks, payment card fraud, loss or theft of a physical hard drive of files and human error. One Verizon study tells us that 71% of breaches are financially motivated and that ransomware accounts for nearly 24% of incidents where malware is used. This is of major concern since, at least, 36% of external data breach actors in 2019 were involved in organized crime. The most common cyber-attacks used in data breaches are:
Ransomware is software that gains access to and locks down access to vital data. Files and systems are thereby locked down and a fee is then demanded, commonly in the form of cryptocurrency. The most common targets in such attacks are enterprise companies and businesses.
Malware, also commonly referred to as “malicious software,” is a term that describes any program or code that harmfully probes systems. The malware is designed to harm your computer or software and commonly masquerades as a warning against harmful software. The “warning” attempts to convince users to download varying types of software and, while it does not damage the physical hardware of systems, it can steal, encrypt or hijack computer functions. Malware can penetrate your computer when you are navigating hacked websites, downloading infected files or opening emails from a device that lacks anti-malware security. Common targets in such attacks are individuals and businesses.
Phishing scams are some of the most common ways hackers gain access to sensitive or confidential information. Phishing involves sending fraudulent emails that appear to be from reputable companies, with the goal of deceiving recipients into either clicking on malicious links or downloading infected attachments, usually to steal financial or other confidential information. The most common targets in such attacks are individuals and businesses.
Denial of Service (DoS)
A Denial of Service is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. It is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The most common targets in such attacks are sites or services hosted on high-profile web servers such as banks.
Breaches Are On The Rise
According to recent surveys, 25,575 records are accessed in the average data breach. Since the beginning of (and due to) the COVID-19 pandemic, the FBI tells us that there has been a 300% increase in reported cybercrimes. In fact, by 2025, cybercrime will cost the world economy an estimated $10.5 trillion annually.
So, why is this happening? Well, for one, studies show that 38% of all users have passwords that never expire. Perpetual passwords are like ticking timebombs. What’s more, cybercrime protections at businesses can be wholly inadequate. In fact, 28% of data breach victims are small businesses, enterprises that typically lack the funding to institute sophisticated cyber security systems. But, whatever the size of the business, the inability to quickly detect and respond to data breaches can be devastating. According to a 2020 study by IBM, the average time to identify a breach was 228 days. Just imagine what cyber criminals could do with your information during that span of time.
Some other alarming statistics include:
- Despite the very high number of publicized data breaches, the actual number of data breaches is likely far greater since many of those breaches have unknown numbers of compromised records.
- Social media data breaches accounted for 56% of data breaches in the first half of 2018. (IT Web)
- Cloud-based cyber-attacks rose 630% between January and April 2020. (Fintech News)
- Confirmed data breaches in the healthcare industry increased by 58% in 2020. (Verizon)
- More than 93% of healthcare organizations experienced a data breach in the three year period preceding 2021. (Herjavec Group)
- Between 2017 and 2019, there was an 80% increase in the number of people affected by health data breaches, situations where very intimate personal information was accessed by criminals eager to sell it on the dark web.
- In 2018 alone, American citizens had 446.5 million of their records exposed. (Statista)
- Worldwide, data breaches exposed 4.1 billion records in the first six months of 2019, and then 36 billion records in just the first half of 2020.
Cole & Van Note has extensive experience addressing privacy issues and can serve as an invaluable resource to you, not to mention your advocates for a substantial financial recovery.