Data compromise is otherwise known as a data breach. It is a cyberattack where data is stolen, modified, or taken from a digital device without the knowledge or authorization of the owner. An individual, business organization, or nation State may suffer a data breach. Stolen or modified data may involve sensitive, proprietary, or confidential information such as credit card numbers, customer data, trade secrets, or matters of national security.
The consequence of data breach can include damage to reputation or goodwill and betrayal of trust. Victim companies and their customers may also suffer financial losses should sensitive or critical data be stolen.
Other techniques of data compromise are enumerated below:
- Denial-of-service Attack (DoS): This is an attack in which a number of compromised computers in a network flood the Internet with a large number of traffic directed at a target computer, overwhelming it and probably it’s network connectivity such that it drastically slows down its operation or damage it completely. A DoS is aimed at generating such a volume of spurious messages that the victim site becomes clogged up and is unable to accept messages from genuine users. In reality, outright damage may not be done to data or computer resources, but in some cases, the financial losses caused to stakeholders can run into huge sums of money in terms of lost business, goodwill, and other expenses incurred in rectifying the problems. In 2008, Symantec identified over nine million compromised computers in such networks and this is largely unknown to users and operators;
- Eavesdropping: An intruder gathers the information flowing through the network with the intent of acquiring and releasing the message contents for either personal analysis or for third parties who might have commissioned such eavesdropping. This is significant when considering that sensitive information, traversing a network, can be seen in real time by all other machines including e-mail, passwords and, in some cases, keystrokes; and
- Traffic Analysis: It is an inference attack technique that studies the communication patterns between entities in a system and deduces information. This typically is used when message is encrypted and eavesdropping would not yield meaningful results. Traffic analysis can be performed in the context of military intelligence or counter-intelligence, and is a concern in computer security.
According to Trend Micro, the number of data breach incidents recorded between January 2005 and April 2015, personally identifiable information (PII) was the most stolen record type while financial data came in second.
Breach methods observed across industries
Most data breaches are attributed to hacking or malware attacks. Other frequently observed breach methods include the following:
Insider leak: A trusted individual or person of authority with access privileges steals data;
Payment card fraud: Payment card data is stolen using physical skimming devices;
Loss or theft: Portable drives, laptops, office computers, files, and other physical properties are lost or stolen;
Unintended disclosure: Through mistakes or negligence, sensitive data is exposed;
Unknown: In a small number of cases, the actual breach method is unknown or undisclosed.
There abound various methods through which information may be compromised. Cyber criminals are constantly on the lookout to identify and exploit vulnerabilities in networks. Individuals and companies must therefore be vigilant and put in place data protection or cyber security mechanism to safeguard their proprietary information from unauthorised access and exploitation.