Types of Data Breaches

Cybercriminals work around the clock to find ways to access sensitive data for financial gain, political purposes, or revenge. They continually find ways to bypass security, forcing software vendors and businesses to invest heavily in cybersecurity and stay at least one step ahead of information thieves.

Last Modified date: July 27, 2024
Key Takeaways
  • Cybercriminals continually innovate to bypass security measures.
  • Insider threats account for a substantial portion of data breaches, demonstrating the need for stringent internal security protocols.
  • Phishing, which uses deceptive communications to trick individuals into revealing sensitive information or downloading malicious software, remains the most common tactic for malware installation.

Tech giant Apple reports that 1.5 billion records were breached in 2022 alone, a number that has tripled since 2013. Approximately 75 percent of organizations surveyed experienced data breaches in the last year. According to IBM, a data breach costs a business an average of $4.45 million. Information thieves have become increasingly sophisticated, but they typically rely on tried-and-true methods that have been used for decades to access sensitive data.

Insider Threat

An insider threat occurs when someone with legitimate access to your company’s confidential information exposes the information to an unauthorized source. The insiders are often employees, but former employees, vendors, and contractors can also be insiders. 

According to Verizon, 57 percent of database breaches occur through insider attacks, and approximately 15 percent of all data breaches result from insiders misusing their privileges.

Not all insiders expose information maliciously. In many cases, insiders expose company information through carelessness. They may use weak passwords, turn off multi-factor authentication, leave laptops in unsecured locations, or otherwise cut corners to save time.

You may have a malicious insider if you observe any of the following behaviors in insiders:

  • Logging in or working during unusual hours
  • Downloading or copying large amounts of data
  • Requesting elevated privileges
  • Accessing information that is unrelated to their jobs
  • Attempting to access unauthorized areas
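
The five behaviors above can be checked automatically against audit logs. The following is an added example, not part of the original article: the event fields, department mapping, working hours, and byte limit are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit events (not real data): time, user, action, detail, bytes
EVENTS = [
    ("2024-03-04T09:12:00", "alice", "login", "", 0),
    ("2024-03-04T10:01:00", "alice", "download", "sales/q1.xlsx", 2_000_000),
    ("2024-03-05T02:47:00", "bob", "login", "", 0),
    ("2024-03-05T02:55:00", "bob", "download", "engineering/designs.zip", 900_000_000),
    ("2024-03-05T03:10:00", "bob", "download", "finance/payroll.csv", 400_000_000),
    ("2024-03-05T03:15:00", "bob", "privilege_request", "db-admin", 0),
    ("2024-03-05T03:20:00", "bob", "access_denied", "hr/reviews", 0),
]
# Assumed policy values; tune them to your own baseline.
DEPARTMENT = {"alice": "sales", "bob": "engineering"}
WORK_HOURS = range(7, 19)          # 07:00-18:59 local time
DAILY_BYTES_LIMIT = 500_000_000    # per user per day

def insider_indicators(events):
    """Return {user: sorted indicator names} for the five behaviors listed above."""
    flags = defaultdict(set)
    daily_bytes = defaultdict(int)
    for ts, user, action, detail, size in events:
        when = datetime.fromisoformat(ts)
        if action == "login" and when.hour not in WORK_HOURS:
            flags[user].add("unusual_hours")
        if action == "download":
            daily_bytes[(user, when.date())] += size
            if daily_bytes[(user, when.date())] > DAILY_BYTES_LIMIT:
                flags[user].add("bulk_download")
            # The top-level folder stands in for the owning department.
            if detail.split("/")[0] != DEPARTMENT.get(user):
                flags[user].add("unrelated_data")
        if action == "privilege_request":
            flags[user].add("privilege_request")
        if action == "access_denied":
            flags[user].add("unauthorized_area")
    return {user: sorted(names) for user, names in flags.items()}

if __name__ == "__main__":
    for user, names in insider_indicators(EVENTS).items():
        print(user, names)
```

A single indicator is rarely meaningful on its own; several appearing together for one user in a short window is what warrants review.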

Real-Life Examples of Insider Data Leaks

No business is safe from insider threats, regardless of size. In 2023, two former Tesla employees leaked the names, street addresses, phone numbers, and email addresses of 75,735 customers to a German news outlet. In 2022, a departing Yahoo employee downloaded 570,000 pages of trade secrets onto his personal devices, apparently intending to share trade secrets and proprietary research with his new employer, a competitor.

Malware

Malware is malicious software installed on a device without the user’s knowledge to damage the device, disrupt operations, or gain unauthorized access to confidential information.

Types of Malware

Malware takes multiple forms. It usually installs itself when a user takes a specific action, such as downloading a file or clicking a link leading to a malicious website.

Ransomware

Ransomware is malicious software that blocks users from accessing their digital files, systems, or networks until money is paid, often in cryptocurrency. Ransomware attacks increased by 70 percent during the first three quarters of 2023 compared to all of 2022. Some ransomware attackers also threaten to leak sensitive information if a ransom is unpaid. 

Ransomware attacks are increasingly targeting critical infrastructure networks in the United States. According to the security company Malwarebytes, approximately 35 percent of small and medium businesses have experienced ransomware attacks.

Prevention is the only defense against ransomware. Once a system is infected, no system restoration or decryption method can restore your files. Even if you pay the ransom, there is no guarantee you will get your system back, or that stolen information will not be leaked.

Many people falsely believe that Mac devices are impervious to ransomware. While attacks on PCs are more common, cyberhackers have been infiltrating Macs since 2016.

The Colonial Pipeline, the nation’s largest fuel pipeline, experienced a ransomware attack in 2021 that disrupted gasoline supplies in 17 states. Its operator paid a $4.4 million ransom fee to restore the system.

Spyware

Spyware is malware that monitors users’ activity on a device without their consent. The malicious software then sends the stolen data to hackers, who may use it for their own purposes or sell it to others.

Spyware commonly works through the following:

  • Keyloggers, which are programs that monitor your keystrokes
  • Screen captures
  • Tracking codes that monitor your browsing behavior

Spyware can allow hackers to see every bit of information a user types, including passwords, answers to security questions, addresses, employers, and any other information typed into a device. Keylogging software can reveal passwords even if they do not appear on the screen.

Viruses

A virus is a software program that spreads by infecting files and making copies of itself. Viruses can erase your hard drive, corrupt files so they do not work, and install other malware on your system.

Trojan Horses

A trojan horse is a malicious program disguised as a legitimate program that can alter your system through a variety of activities, such as the following: 

  • Downloading other malware
  • Disabling antivirus software
  • Hijacking your device

Trojan horses can come from file-sharing programs, email attachments, spoofed chat messages, infected websites, and hacked networks. They differ from other malware because you knowingly install the software thinking it is something else. The program may even work like legitimate software to prevent you from learning you installed a malicious program.

Worms

Worms are similar to viruses but are more dangerous because they can spread from one device to another without the user clicking on a malicious link or opening an attachment. Worms are transmitted through networks, email, removable devices like flash drives, and instant messages.

Malicious Bots

Bots are legitimate programs that perform automated tasks, such as answering user questions, crawling web pages, and helping customers shop. However, some are malicious. Malware bots can imitate humans, send phishing messages, and perform other nefarious activities more efficiently than humans could.  

A botnet is a network of bots that work together to commit identity theft, overwhelm networks with excessive traffic, and take down online platforms. The ZeuS botnet has been plaguing the banking industry since 2007. It works by generating lists of financial institutions, stealing usernames and passwords, and monitoring users’ browsing activities to steal credit card numbers, usernames, passwords, and other sensitive information.

Phishing

Phishing is a form of social engineering and the primary malware installation method. Social engineering uses deceptive tactics to manipulate individuals into disclosing sensitive information. It can happen online, over the phone, in person, or through the U.S. mail.

Email phishing, the most common form, occurs when the target receives a scam email from a seemingly legitimate source that pressures the user to click on a malicious link, open a malicious attachment, or send sensitive information in a reply.

One of the most famous phishing attacks ever involved Facebook and Google. Together, the tech giants paid $100 million to a hacker who sent fake invoices from one of their vendors. 

Phishing occurs in a variety of forms, as discussed below.

Spear Phishing

Spear phishing is a form of email phishing that targets groups or individuals likely to have access to specific types of information. The email may appear to come from a boss or trusted vendor.

Whaling

Whaling is a type of spear phishing in which the target is a “big phish,” such as an owner, CEO, or CFO, with access to more sensitive data, such as the company’s bank account numbers.

Smishing

Smishing is a form of phishing done through text messages. The text will appear to have come from a trusted source, such as a bank. There is often a clickable link within the text.

Vishing

Vishing occurs when the attacker uses a phone call to extract information, claiming to be from a legitimate business like Microsoft. One common tactic is to claim a device has a virus or malware infection. The caller will attempt to obtain the target’s credit card information. The caller may also email or text a malicious website link or attachment purported to be a fix.

Search Engine Phishing

Search engine phishing occurs when an attacker operates a scam website and works to become the top result in Google or other search engines. The website may be a copycat of a familiar, legitimate website. When users enter the website, it installs malware on their devices.

Signs of Malware

Your device or network may be infected with malware if you observe any of the following:

  • Sudden slow performance
  • Reduced battery life
  • Frequent error messages or crashes
  • Inability to shut down or restart
  • Persistent ads
  • Changes in your search engine
  • Your contacts receiving emails from you that you did not send

Stolen Information

A stolen laptop or mobile phone can expose significant confidential data. Even if a device is password-protected, hackers can often find their way into it and access sensitive data. Some devices automatically connect to their company’s network just by being in close enough physical proximity to it.

Brute-Force Attack

A brute-force attack occurs when a hacker makes numerous attempts to guess your password and ultimately forces their way into your device or network. They use several methods to accomplish this, as shown in the table below.

Name of Method | How It Works
Simple brute force attack | Manually guess without software, most effective on users with weak or default passwords
Dictionary attack | Using software to run through various combinations against individual usernames
Hybrid brute force attacks | Combining dictionary and manual methods, often when the attacker knows the username
Reverse brute force attacks | Searching for matching usernames when passwords are known, often through a data breach
Credential stuffing | When a hacker has already gained access to a username and password on one site and checks it on other sites in case the user uses the same credentials everywhere

Hackers can often guess passwords by learning about the person and inputting words and numbers that would be important to the person, such as birthdates, street addresses, and even favorite sports teams.
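
The methods in the table leave different patterns in a failed-login log, which is how defenders tell them apart. The following is an added example, not part of the original article: the record layout, thresholds, and verdict labels are assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict

# Constructed failed-login records (not real data): (source_ip, username)
FAILED_LOGINS = (
    [("203.0.113.10", "jsmith")] * 40                          # many guesses, one account
    + [("198.51.100.7", f"user{n:02d}") for n in range(30)]    # one guess each, many accounts
    + [(f"192.0.2.{n}", "admin") for n in range(1, 13)]        # one account, rotating sources
    + [("192.0.2.200", "mlee")] * 2                            # ordinary typos
)
# Assumed thresholds; tune them to your own traffic.
MAX_FAILS_PER_ACCOUNT = 10
MAX_ACCOUNTS_PER_SOURCE = 15

def classify_sources(failed_logins):
    """Label each source IP by the shape of its failed logins."""
    per_source = defaultdict(Counter)
    for ip, user in failed_logins:
        per_source[ip][user] += 1
    verdicts = {}
    for ip, users in per_source.items():
        if len(users) >= MAX_ACCOUNTS_PER_SOURCE:
            # Reverse brute force or credential stuffing: the log alone cannot
            # tell them apart because it does not record the passwords tried.
            verdicts[ip] = "account_sweep"
        elif max(users.values()) >= MAX_FAILS_PER_ACCOUNT:
            # Simple, dictionary or hybrid guessing against a known username.
            verdicts[ip] = "targeted_guessing"
        else:
            verdicts[ip] = "normal"
    return verdicts

def accounts_under_attack(failed_logins):
    """Accounts whose total failures reach the limit, whatever the source."""
    totals = Counter(user for _, user in failed_logins)
    return sorted(u for u, n in totals.items() if n >= MAX_FAILS_PER_ACCOUNT)

if __name__ == "__main__":
    for ip, verdict in classify_sources(FAILED_LOGINS).items():
        if verdict != "normal":
            print(ip, verdict)
    print("accounts to lock or step up:", accounts_under_attack(FAILED_LOGINS))
```

The per-account count matters because guessing spread across many source addresses looks normal from each address individually.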


SQL Injection

SQL databases interpret user input to access data and return search results. In an SQL injection attack, hackers insert snippets of malicious code known as an exploit to trick the database into returning sensitive data in response to a seemingly harmless query. The inserted code snippets change how the database interprets the search. 

Most SQL injections occur because of vulnerabilities caused by poorly written programming code, but some hackers penetrate even the most well-written databases using bots.
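
The difference between a query that can be reinterpreted and one that cannot is easiest to see side by side. The following is an added example, not part of the original article: the customers table, function names, and input strings are constructed for illustration, using Python's built-in sqlite3 module with an in-memory database.

```python
import sqlite3

def make_db():
    """Build a throwaway in-memory database with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", [
        ("Ana", "ana@example.com"),
        ("Ben", "ben@example.com"),
        ("Cy", "cy@example.com"),
        ("O'Brien", "obrien@example.com"),
    ])
    return db

def search_vulnerable(db, name):
    # Vulnerable: the input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def search_parameterized(db, name):
    # Hardened: the placeholder sends the input as a value only; the
    # database never parses it as part of the statement.
    query = "SELECT name, email FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

# Constructed input that turns the WHERE clause into an always-true condition.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, crafted input:   ", len(search_vulnerable(db, CRAFTED)), "rows")
    print("parameterized, crafted input:", len(search_parameterized(db, CRAFTED)), "rows")
    # A legitimate name containing an apostrophe also breaks the vulnerable form.
    print("parameterized, O'Brien:      ", search_parameterized(db, "O'Brien"))
    try:
        search_vulnerable(db, "O'Brien")
    except sqlite3.OperationalError as err:
        print("vulnerable, O'Brien: query failed:", err)
```

Errors on ordinary names with apostrophes are a common early sign that a query is being built by string concatenation.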

The 2017 Equifax breach resulted from an SQL injection and revealed the names, dates of birth, Social Security numbers, driver’s license numbers, and credit card numbers of over 147 million people. 

The Federal Trade Commission determined Equifax knew about the vulnerability that allowed the breach at least two months before it occurred but failed to secure consumer information. Equifax paid at least $575 million in a global settlement with the FTC, the Consumer Financial Protection Bureau, and 50 U.S. states and territories.

Steps to Take

If your company has been affected by a data breach, the FTC recommends you take the following actions to mitigate the harm to the fullest extent possible:

  • Secure your systems, physically and online.
  • Identify and fix vulnerabilities that led to the breach.
  • Notify appropriate parties, including law enforcement and the affected businesses and individuals.

If your personal information was exposed in a data breach, take the following steps to protect your identity and personal information as soon as possible:

  • Place a fraud alert or freeze on your credit reports.
  • Change your usernames and passwords.
  • Notify your bank and credit card company if financial information has been stolen.
  • Obtain your medical records and look for errors.
  • Sign up for a credit monitoring service.
  • Order copies of your credit reports from all three credit bureaus.

If your information has been exposed in a data breach, Class Action U can help. We’ll answer your questions and advise you of your legal options, including your rights to a data breach lawsuit. You may be eligible for substantial compensation through a class action or individual lawsuit. Contact us today for a free consultation.
