Data breach examples, definition, consequences, costs

As we spend more time and money online, the risk grows that a data breach will impact us personally or professionally.

Waging war against passwords can feel like a game of whack-a-mole. You happily head to a website on your phone after work to do a bit of retail therapy, and BOOM:

“This password has appeared in a data leak,
which puts your account at a high risk of compromise.
You should change your password immediately.
Change password on website.“

Talk about a mood killer. And that’s just on a personal level.

Businesses can no longer ignore the cost of data breaches. Let’s set aside our password-change fatigue and look at the hard facts for small businesses and global corporations.

With data breaches everywhere, customer data management becomes crucial

Customer data management best practices allow businesses to fortify their commitment to positive relationships. The potential for growth, in commerce and trust, is massive.

What is a data breach? What are the different types of data breaches?

Data breach, defined: a data breach exposes private, protected, sensitive, confidential information to an unauthorized person – or persons.

In a data breach, the information and files are viewed, downloaded, shared, and sometimes sold on the black market. Any person, business, enterprise, organization, or government can be at risk of a data breach — making data security, data privacy, and cyber-security crucial to an ever-growing digital existence.

The types of data that get targeted during a vary. Let’s go over what gets stolen and how.

Typically hackers are not looking to target a specific individual. The end goal is to access a volume of data they can sell in bulk.

Data that frequently gets stolen:

• Customer PII (Personally Identifiable Information)
• IT—The ability to function at the organizational level
• Identity Theft—Beyond PII, this unravels to be far-reaching and costly to resolve

Constitutions of data breaches and significance of data privacy

A snapshot of  data breaches and who it impacts:

1. Stolen Information—Fairly straightforward, can be personal information.
2. Malware—Malicious software intended to destroy or damage computers.
3. Password Attacks—Coordinated attacks to break weak passwords and gain personal data.
4. Phishing—Attempts to get people to voluntarily reveal private information.
5. Insider Threat—Someone with keys to the system and a grudge.
6. Ransomware—Malware’s nasty cousin, this type of breach aims to lock down crucial data and then demand a ransom. Liam Neeson, we need your help!
7. Denial of Service (DoS)—A cyber attack designed to disrupt service.

Types of customer data: Definitions, value, examples

Types of customer data serve distinct purposes. Identity data, descriptive data, attitudinal data, behavioral data defined with examples.

Who gets hurt by a data breach, and examples of some of the biggest hacks

The answer to “Who gets hurt by a data breach?” is “Who doesn’t?” When a leak occurs, the consequences are vast in scope and duration. In other words, leaks are expensive. leaks require companies to disclose the breach and doubling down on protecting consumers.

The industries getting hit the hardest by data breaches and the respective cost per breach are:

• Healthcare: $7.1M
• Energy: $6.64M
• Financial: $5.9M
• Pharmaceuticals: $5.1M
• Technology: $5.0M

Examples of some of the biggest breaches over the last couple of years include:

1. Hanna Andersson: Customers who made online purchases from the clothing retailer between September and November of 2019, had their names, shipping addresses, billing addresses, payment card numbers, CVV codes, and expiration dates skimmed and placed for sale on the dark web. Hackers installed malicious malware in Point of Sale (POS) systems to skim credit card information.
2. Fifth Third Bank: The financial giant stated said a former employee was responsible for the exposure of customer names, social security numbers, driver’s license information, and PII, like mother’s maiden name, address, phone number, date of birth, and account numbers.
3. MGM Resorts: In February of 2020, MGM stated that the personal information of over 10 million guests of MGM Resorts had PII data posted on a hacking forum. The information included names, addresses, phone numbers, emails, and dates of birth. In July of 2020, researchers said that over 142 million records from former guests at MGM were for sale on the dark web.
4. Walgreens: One of the biggest pharmacy chains in the United States said that an error in their mobile app’s SMS messaging feature exposed personal messages sent within the app, names, prescription numbers and drug names, store numbers, and addresses of customers.
5. Blackbaud: In February of 2020, a ransomware attack began on the cloud-based fundraising database management vendor for non-profits and educational institutions. The attack wasn’t discovered until May of 2020. Upon getting a ransom request, Blackbaud paid up, then was told that the data had been destroyed. However, sensitive data from over 6 million donors, donors, patients, and community members including names, emails, phone numbers, dates of birth, genders, provider names, dates of service, department visited, and philanthropic giving history were stolen. As with nearly every data breach, months later watchdog organizations stated that there were far more people impacted than initially reported. In September of 2020, the SEC said hackers gained access to unencrypted data that included social security numbers, banking accounts, and credit card/financial payment information. Blackbaud’s customers and clients continue to suffer from the outcomes of the attack and the consequences of it, including Inova Health, Saint Luke’s Foundation, Spectrum Health, and Northwestern Memorial HealthCare, to name a few – totaling over 2 million people.

Mission critical: Why CMOs are focusing on protecting customer data

In the race to compliance, customer trust is the finish line. A data breach can mean massive losses, so CMOs are focusing on protecting customer data.

Show me the money: The costs of a data breach

We’ve covered the hard costs of a data breach, but what about the other intangibles. How will a data breach impact the workforce, the business, and beyond?

Among the most significant issues related to a data breach are:

1. Revenue—Breaches cost bank.
2. Reputation—Buildings can be rebuilt. Reestablishing trust is trickier. And more expensive.
3. Legal—The ramifications spider out, touching clients, vendors, partners, and even employees.
4. Operational—Does the breach shut down a company? Maybe, or perhaps it reveals that the existing standards and protocol are not practical.
5. Lost Business—Business that might have been in the pipeline will be hampered by the energy put toward recovering from the breach. Pre-breach marketing and outreach are obsolete.

The long-term consequences of a data breach also depend on how quickly businesses can rally. The time it takes is twofold: the time to identify the breach and then the time to fix it. For the healthcare industry, recovering from a breach can take between 280-329 days. The financial industry is speedier at 233 days, but that is still a long time.

Best practices for data leak prevention

The ugly truth is that hackers and data breaches aren’t going away.

You can start minimizing your risk, however.

Here are a few things to consider as you build your defense for your data:

1. Get your cloud tools in order—multiple cloud-based marketing tools can create an Achilles heel, opening you to security threats.
2. Consent guidelines—Establishing comprehensive consent guidelines that are enforced in your system will protect data. Known consent dictates action.
3. Unified profiles—The tighter you manage and consolidate your customer data, the easier it is to protect.
4. Commit to vigilance—The future will only bring new risk. Prepare now so that your process can mature and evolve.

The best companies have always valued their customers; it’s natural and positive reciprocity. Moving forward, businesses must make serious plans to protect customer data, because, at the end of the day, the most costly aspect of a breach is the potential loss of customer trust, which isn’t easily restored – if ever.