A data breach occurs when sensitive data is copied, transmitted, viewed, stolen, or accessed by an unauthorized individual. For a security incident to constitute a data breach, the exposure of sensitive data isthe result of a planned cyber attack. The presence of intent differentiates a data breach from a data leak, where exposure is either accidental. 

A data leak occurs when data is accidentally exposed through a vulnerability, such as weak passwords, or when stolen data has been published on the dark web. Data leaks and cloud leaks can also cause a data breach if a cybercriminal exploits these vulnerabilities to gain unauthorized access to sensitive information. 

The types of data exposed in a security breach include highly confidential information, such as:

Learn the differences between data breaches and data leaks >

Graphic showing cybercriminals accessing sensitive data through IT boundary

Data breaches are prevalent in industries that deal with large amounts of personal data, such as the healthcare and financial sectors. Cybercriminals exploit this information to commit lucrative cybercrimes, such as identity theft and health insurance fraud. 

How Do Data Breaches Happen?

Examples of security incidents that lead to data breaches include:

Learn how to prevent costly data breaches. Download the free guide >

What to Do if a Data Breach Occurs

Data breaches are increasingly common for organizations of all sizes - from small businesses to multinational corporations. Having a comprehensive incident response plan ensures your organization knows how to identify, contain, and quantify the impact of a data breach.

Follow the steps below to respond effectively and efficiently following a data breach.

1. Isolate Breached Systems

You must ensure the breach has stopped before taking any further action. Identify the affected parts of your system, log all data, and isolate these parts to prevent further compromise. Keeping a data log is crucial to identify what data has been compromised.

2. Perform an Audit

Once you have isolated the source of the breach, you’ll need to perform an audit to determine which data was accessed and when. The scope of the breach depends on which information was accessed or modified.

Having audit logs and backups readily available helps you compare what changes have occurred in affected systems. Otherwise, a data expert can check to validate the accuracy of the audit. 

3. Inform Affected Customers

You must inform all affected individuals as soon as possible. Data breach notification laws mandate this process, such as the European Union General Data Protection Regulations (GDPR), and US state laws, such as the California Consumer Privacy Act (CCPA) and the New York SHIELD Act

Prompt communication can also help minimize the reputational damage caused by a breach. Provide your customers with instructions on how to secure their accounts and personal data.

4. Implement Data Breach Prevention Strategies

Implementing effective data security processes and information security policies is essential to prevent data breaches in the future. Effective prevention strategies include:

Learn how to prevent data breaches.

Examples of Data Breaches

Below are examples of recent well-known data breaches.

Microsoft Logo


In January 2021, Microsoft Exchange’s email servers were involved in one of the US’ most significant cyberattacks to date. More than 60,000 companies were affected worldwide, 30,000 of which were US-based. The attackers were able to gain access to emails containing sensitive data by exploiting four zero-day vulnerabilities

The email accounts were connected to various organizations, including small businesses and local governments. The software flaw allowed the hackers to remain active in the vulnerable systems for three months. 

LinkedIn Logo


In April 2021, hackers performed an illegal data scrape of LinkedIn’s user base, revealing the personal details of over 700 million users. This exposure enabled additional cybercriminals to take advantage of the breached data. One threat actor reportedly tried selling a set of LinkedIn data on a public forum for $7000 in Bitcoin. 

Yahoo Logo


Between 2013 and 2016, Yahoo was hit by several cyber attacks. A team of Russian hackers exploited Yahoo’s database, stealing records containing personal information from about 3 billion user accounts in total. Yahoo’s delayed reaction to the attack and failure to disclose one of the security incidents to its users resulted in a $35 million fine and 41 class-action lawsuits. 

Equifax Logo


In September 2017, primary credit reporting agency Equifax reported a significant data breach that compromised the publicly identifiable information (PII) of 148 million US citizens. The breach also affected many financial institutions that used Equifax as a third-party vendor. Due to their poor network security, Equifax eventually faced penalties to the tune of $575 million to be paid to numerous authorities, states, and territories.

See our full list of the biggest data breaches.

Ready to see
UpGuard in action?

Ready to save time and streamline your trust management process?