Learn Ethical Hacking from DROP Organization

What is a data breach

A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. A small company or large organization may suffer a data breach. Stolen data may involve sensitive, proprietary, or confidential information such as credit card numbers, customer data, trade secrets, or matters of national security.

The effects brought on by a data breach can come in the form of damage to the target company’s reputation due to a perceived ‘betrayal of trust.’ Victims and their customers may also suffer financial losses should related records be part of the information stolen.

Phases of a Data Breach



  • Research
The attacker, having picked a target, looks for weaknesses to exploit: employees, systems, or the network. This entails long hours of research on the attacker’s part and may involve stalking employees’ social media profiles to find what sort of infrastructure the company has.
  • Attack

Having scoped a target’s weaknesses, the attacker makes initial contact either through a network-based or social attack.

In a network-based attack, the attacker exploits weaknesses in the target’s infrastructure to instigate a breach. These weaknesses may include, but are not limited to, SQL injection, vulnerability exploitation, and/or session hijacking.

In a social attack, the attacker uses social engineering tactics to infiltrate the target network. This may involve a maliciously crafted email sent to an employee, tailor-made to catch that specific employee’s attention. The email can phish for information, fooling the reader into supplying personal data to the sender, or come with a malware attachment set to execute when downloaded.

  • Exfiltrate
Once inside the network, the attacker is free to extract data from the company’s network. This data may be used for either blackmail or cyberpropaganda. The information an attacker collects can also be used to execute more damaging attacks on the target’s infrastructure.

Reported Data Breaches

| Date | Organization | Industry | Number of Records Stolen |
|---|---|---|---|
| Between 2013 and 2014 | Yahoo | Email service provider | 3,000,000,000 |
| October 2016 | Adult Friend Finder | Adult website | 412,200,000 |
| May 2016 | MySpace | Social media website | 360,000,000 |
| Between 2007 and February 2013 | Experian | Credit bureau | 200,000,000 |
| 2012 | LinkedIn | Social media website | 165,000,000 |
| February 2018 | Under Armour/MyFitnessPal | Fitness mobile app | 150,000,000 |
| Between May and July 2017 | Equifax | Information solutions company | 145,500,000 |
| May 2014 | eBay | Online auction website | 145,000,000 |
| March 2008 | Heartland Payment Systems | Credit and debit processor | 134,000,000 |
| December 2013 | Target | Retailer | 110,000,000 |
| 17-19 April 2011 (discovery date) | Sony PlayStation Network | Electronics firm | 102,000,000 |
| 17 February 2012 | Rambler | Internet portal and email service provider | 98,100,000 |
| December 2006 | TJX Companies | Retailer | 94,000,000 |
| October 2017 | MyHeritage | Genealogy-testing service provider | 92,283,889 |
| 2005 | AOL | ISP | 92,000,000 |
| July 2014 | JP Morgan & Chase | Investment banking firm | 83,000,000 (76,000,000 consumers; 7,000,000 small businesses) |
| February 2015 | Anthem | Health insurer | 78,800,000 |
| 2008 | National Archive and Records Administration | Government agency | 76,000,000 |
| 2012 | Dropbox | File-sharing and hosting service provider | 68,000,000 |
| 2013 | Tumblr | Short-blogging website | 65,000,000 |

About Suraj singh
