Data leak occurs when sensitive information is unintentionally exposed to unauthorized parties. This can happen through human error such as saving confidential documents on a public cloud or sending emails with private company information to the wrong recipients. It can also occur due to misconfiguration of a cloud storage server or hacking.
When a data leak happens, it allows cybercriminals to gain easy access to personal information and trade secrets. This can lead to financial losses, reputational harm and legal repercussions for the affected organizations. It can also enable them to carry out ransomware attacks and to sell the data on the dark web.
Many data leaks are caused by human error and can be hard to prevent. For example, employees might save a work file on a USB drive that they leave at home or print out confidential documents at a public printer. They might also forget to set up a password on a new device or use the same login combinations on different platforms (a habit that is common in both small businesses and large enterprises).
In 2019, hackers breached 23andMe, a company that conducts genetic testing for customers, by using a technique called “credential stuffing.” This attack uses credentials from previous leaks to break into users’ accounts on other sites.
In 2021, a database from the Florida-based marketing firm Exactis was found on an unsecured server and posted online, exposing millions of business and consumer records. The data included addresses, phone numbers, credit card information and more.
About the Author
