A data breach, or data leak, is a security event in which protected data is accessed by or disclosed to unauthorized viewers. A data breach is different from data loss, which is when data can be no longer accessed because of hardware failure, deletion or other cause. Protected data can include information about individual customers, or employees, such as personally identifiable information (PII), personal health information, payment card information and Social Security numbers. It can also include corporate information or intellectual property (IP), such as trade secrets, details about manufacturing processes, supplier and customer data, information about mergers and acquisitions, or data about lawsuits or other litigation.
Data breaches are not always intentional. Users can accidentally send protected data to the wrong email address or upload it to the wrong share; in fact, mistakes account for 17% of breaches, according to the well-known Verizon’s 2018 Data breach investigation Report. But the report found that most breaches are deliberate and financially motivated. While different methods are used to gain access to sensitive data, 28% of breaches involve insiders, according to the Verizon report.