What Is a Data Breach, and How Can It Affect Me?
A data breach is the unintentional release or the intentional theft of ostensibly secure information to an unknown and untrustworthy environment. In other words, when a data breach occurs, someone was careless or unlucky and allowed unauthorized persons to gain access to data — or someone deliberately tried and was successful in gaining access to the data. The problems associated with unauthorized access to data are growing, and some companies and individuals are taking matters into their own hands by subscribing to data breach monitoring services.
The risks of data breaches and the potential for identity theft and other serious crimes are quite real. So many of us buy items online, belong to social media groups, and share our personal information with companies that we're just one lost laptop, one hacked computer network, or one stolen hard drive away from putting our personal information into the hands of criminals.
To illustrate the scope of the problem, consider that between January 2005 and August 2010, data breaches compromised at least 495,035,254 individual records containing personal information in the United States. These breaches occur in many different ways, in accidental and deliberate acts such as the following:
• Misplaced or stolen laptops, smartphones, or other electronic devices
• Criminals who use social engineering techniques to "phish" or otherwise persuade people to unwittingly provide unauthorized access to sensitive data
• Sharing personal information online through social media groups
• Unencrypted data transfers that thieves intercept
• People who work in an organization and knowingly sell personal information to thieves
• Theft of paper files and other "hard" copies of personal information
• Hackers who constantly probe for weak spots in computer networks
• Many other schemes and techniques that allow thieves to steal identities through unauthorized access to data
When a data breach occurs, most states have laws in place that require notification of the breach to anyone who has personal information compromised. At least 40 states have such laws, but by the time victims receive notification about the breach, they may already be victims of identity theft.