According to the Identity Theft Resource Center, there were a total of 1,120 data breaches and more than 171 million records exposed in the United States in 2017. That is a disturbingly high number illustrating the serious threats and risks developing in the digital world.
What is a Data Breach?
A data breach is a confirmed incident in which confidential, sensitive, or protected data is disclosed and/or accessed in an unauthorized manner. Data breaches could involve intellectual property, trade secrets, personally identifiable information, personal health information, etc.
The common data breaches to which most citizens are exposed include personal information like healthcare histories, Social Security numbers, and credit card numbers. For example, a 2017 Kansas data breach against the state Department of Commerce exposed the Social Security numbers of more than five million people and left the department on the hook for providing security monitoring services for those affected. In addition to private consumer information, hackers may also target corporate information, such as software source code, manufacturing processes, customer lists etc.
Anytime an unauthorized person views personal data, the organization charged with protecting the data or information has experienced a data breach.
If a data breach leads to violation of government, identity theft, or industry compliance mandates, the offender may be fined or face other civil litigation.
Data Breach Causes
A common example of a data breach is when an attacker hacks into a corporate website and steals sensitive data from a database. There is also a data breach when an unauthorized hospital employee views the health information of a patient. Data breaches could occur as a result of weak passwords, exploitation of missing software patches, or stolen or lost mobile devices and laptop computers.
There is also a risk of unauthorized exposure as a result of connecting to rogue wireless networks that steal users’ login credentials.
Data breaches could also occur via social engineering, where users would provide their login details to attackers or via malware infections. Afterward, the login details are used to enter into the sensitive systems and records, which could be undetected for a long period of time.
Threat actors could also target business partners so as to derive access and entry to large organizations. This sort of incident involves hackers disrupting less secure businesses to gain access to the main target.
Accidental Data Breaches
While cybercriminals and hackers often cause data breaches, there exist other incidents where business organizations or government agencies accidentally expose confidential and sensitive data online.
These kinds of incidents are known as accidental data breaches, and they basically involve the misconfiguration of cloud services by organizations and enterprises, or the failure to implement proper access controls like password requirements for applications or public-facing web services.
Preventing Data Breaches
The Kansas Attorney General advises that state laws require employers to take reasonable steps to protect the personal data of their employees. This includes utilizing software and other security measures to protect sensitive data. Employees can also take steps to protect their personal work terminals and laptops by using strong passwords/passphrases.
Have Questions About Your Legal Rights After Your Personal Data was Breached? Contact a Kansas City Data Breach Lawyer Today
When your personal data is hacked and used to steal your identity, file false tax returns, and other nefarious activities, it is a violation of your privacy, and you have the right to take legal action to hold any negligent party, including your employer, accountable. HKM Employment Attorneys are here to help. Contact our office today to schedule an in-person meeting.