Pin Me

What Is a Data Breach?

written by: Bruce Tyson•edited by: Linda Richter•updated: 3/2/2011

Headlines often carry news about data security where websites, email accounts, shopping sites and credit card companies are routinely hacked, exposing ordinary people to serious danger. Here we answer the question, "What Is a Data Breach?" to help put these issues into perspective.

  • slide 1 of 4

    What Is a Data Breach?

    A data breach occurs when the guardian of information allows it to fall into the hands of an unauthorized party. This can involve data inHD1T  any form including that which is printed or transmitted verbally, although in the digital age the term has come generally to refer to the transfer of electronically stored data.

    As noted, any illicit transfer of data can be described as a data breach: not just a hacking incident. For example, a careless or untrained employee could post company data on a public section of the corporate network, allowing it to be downloaded by the public at large.

    Still, almost two-thirds of all data breaches are malicious in nature, according to, a sign that suggests that IT staffers will do the most good for their company by focusing attention off network security.

    Image Credit: Wikimedia Commons/Data Security, Inc.

  • slide 2 of 4

    Examples of a Data Breach

    Cambridge Who's Who. A recent report filed by reveals how sensitive companies have become to data breach allegations. A former employee of Cambridge Who's Who Publishing has circulated allegations that a number of computer backup tapes from the company containing social security numbers, credit card data, drivers' license numbers, and other customer and employee information had been lost by the company, resulting in a data breach.

    The company, wishing to contain the negative publicity, took legal action in an attempt to squelch the claims. In his ruling against Cambridge Who's Who, the judge pointed to the public's stake in any data breach, and the large number of people potentially affected by the breach overruled the company's interest in abridging the former employee's First Amendment rights.

    In the Who's Who case, negligence appears to be the cause of the data breach. A technician removed a tape backup drive from company servers and apparently returned it with the tape inserted to the manufacturer. What happened to the tape remains unclear.

    U.K. passport office. Another recent example of a data breach is the news reported by InfoSecurity that a number of passport applications with their accompanying data had gone missing, breaching U.K. data protection laws. In this case, there seems to be no clear indication what became of the data that fell out of the hands of those responsible for its safekeeping.

    AT&T iPad hackers. One of the most publicized data breaches of 2010 was the famous case where hackers downloaded email addresses and other information about AT&T Wireless account holders who had purchased 3G service with that company. In that breach, data from over 100,000 subscribers was downloaded after programmers associated with the hacker consortium Goatse wrote a program that called an improperly constructed script on the AT&T web server to download the information automatically.

    Macworld detailed the famous "iLeak" case, and how information from high ranking government, corporate, and entertainment personalities fell into the hands of unauthorized people. Although the duo claims to have had good intentions with the breach, government authorities have charged two hackers with crimes that could net ten years of jail time and fines if convicted.

  • slide 3 of 4


    In hope of answering the question, "what is a data breach?" we have looked at the definition of a data breach and then considered several recent data breaches that attracted media attention. Being aware of the bad publicity and potential liability associated with data breaches, businesses should make data security one of their top priorities.

  • slide 4 of 4


    "Chronology of data breaches",

    "Office of inadequate security",

    "UK passport office violated Data Protection Act",