8 Different Types Of Data Breaches With Examples

Posted by Ryan Mai on

A data breach is a security incident in which private/confidential information is viewed, copied, transmitted, or used by an unauthorized individual. This may involve personally identifiable information, personal health information, financial information, intellectual property, or trade secrets of companies.

Data breaches are far more than a temporary terror: they can hurt businesses and consumers in various ways, and expenses caused by them can damage reputations and take time to repair.

Breaches that affect hundreds of millions or even billions of users have become quite common. In 2016, the Internet service company Yahoo! confirmed that all 3 billions of its users were impacted in what is considered as the biggest data breach in history. Specific details of users, including names, mobile numbers, email address, date of birth, and hashed passwords, were leaked.

In 2018, NYC-based video messaging service Dubsmash and a fitness app named MyFitnessPal were among the massive data dump of 16 compromised platforms that saw over 600 million customers accounts leaked and offered for sale on the online darknet market.

Hundreds of similar events have happened in the recent decade. As per the study conducted by the Ponemon Institute, a data breach costs $3.86 million on average to a company.

Given the rising stakes and increasing costs of data breaches, businesses and governments have started putting a lot of resources to keep their customers’ data secure.

Most data breaches involve vulnerable and unstructured documents, files, and sensitive information. In this overview article, we have explained the eight most common types of data breaches and how do they happen.

8. Distributed Denial of Service (DDoS)

A 1.3Tbps DDoS attack shut down GitHub for 20 minutes in 2018

A malicious attempt to disrupt the host services 

DDoS attacks aim to overwhelm the website and online services with more traffic than the server or network can handle. They are sometimes used to distract cybersecurity operations while other fraud activity, such as network infiltration or data theft, is underway.

These attacks are carried out with a bunch of internet-enabled devices that are infected with malware. Attackers control these individual devices (also called bots) remotely.

A cluster of bots is known as a botnet, and once it has been established, the attacker can use it to target a particular server or network. Each bot sends requests to certain IP addresses, rendering the website or service inoperable.

The first DDoS attack happened in 1996 when one of the oldest ISPs named Panix was brought down for several days using the SYN flood, a method that has become a classic Distributed Denial of Service attack. Over the next decade, these types of attacks became common.

An attack of 1 Gbps is enough to knock most organizations off the internet. According to Cisco, the total number of DDoS attacks will reach 15 million by 2023, up from 7.9 million seen in 2018.

Example: In February 2020, Amazon Web Services was hit by an extreme DDoS attack, which targeted unknown customers via a method called Connectionless Lightweight Directory Access Protocol (CLDAP) Reflection. The attack peaked at 2.3 TBps and lasted for 3 days.

7. Brute-Force Attack

Brute force attack on 5-bit key

Guessing password via trial and error method 

A brute-force attack involves submitting credentials with the hope of eventually guessing right. Attackers try all possible combinations of passwords until the correct one is detected.

This type of attack accounts for nearly 5% of all data breaches. Attackers don’t need to enter passwords manually. Instead, they create an algorithm or use readily available software to automatically run different combinations of usernames and passwords until the right combination is found.

Brute force hacking tools are designed to generate tons of passwords per second. Combined with a powerful CPU and GPU, these automated tools could brute-force a strong encryption key in a matter of days.

Since longer passcodes can have more variables, they are exponentially more difficult to crack than shorter ones. Today, most symmetric algorithms use 128 or 256-bit keys, which can’t be cracked via brute force.

More specifically, the fastest supercomputer (with a speed of 100 petaFLOPS) would require 3.67×1055 years to exhaust the 256-bit AES key.

Example: In 2018, Firefox’s master password system could be easily bypassed using brute force. Passwords of millions of users were left vulnerable to malware and hackers. A year later, Firefox pushed out an update to fix this security glitch.

6. Ransomware

CryptLocker asking for a ransom 

A malware that infects devices and threatens users to pay a ransom

Ransom malware prevents users from accessing their personal files and demands a fee in order to regain access. It can infect your computer in several ways. The most common of them is malicious spam delivered via email, which contains deceptive links or attachments.

Conventional ransomware locks the device in a way that is not tough for a skilled person to reverse. However, advanced malware encrypts the user’s files, making them unusable, and demands a fee to decrypt them. Attackers usually ask for ransoms in difficult-to-trace digital currencies like Bitcoin.

The first ransomware named PC Cyborg was created in 1989. It would encrypt all files in the C directory and then demand victims $189 (by mail) to renew their license. Over the next decade, different variants of ransomware popped out.

However, advanced ransomware wouldn’t arrive until 2004, when GpCode encrypted personal data using weak RSA encryption. Since then, scams have spread worldwide, with new types still successfully targeting users.

In the first six months of 2018, there were more than 181 million ransomware attacks. In 2019, new ransomware variants increased by 46%, with 68,000 new ransomware Trojans detected for mobile.

Example: Perhaps the most popular example of ransomware is CryptoLocker, which occurred between September 2013 and May 2014. It was an encrypting Trojan horse that targeted devices running on Microsoft Windows. Its operators successfully extorted nearly $3 million.

5. Phishing

An unlawful attempt to obtain sensitive information 

Phishing is a technique of trying to collect personal information, such as passwords and credit card details, using deceptive websites and emails. It is also carried out via instant messaging and text messaging, where an attacker, masquerading as a trusted entity, dupes a victim into providing personal details. 

Phishing can also be used to deliver malware, by encouraging users to visit a link or download a document that will secretly install a malicious script on the device. On a larger scale, it is used to gain a foothold in private organizations or governmental networks.

For instance, in an advanced persistent threat, employees’ data is compromised to bypass security parameters, spread malicious programs inside a closed environment, or gain access to private data. This type of attack could remain undetected for an extended period.

According to Verizon’s data breach investigation report, 22% of breaches in 2019 involved phishing. About 88% of organizations across the world experienced spear-phishing attempts. 65% of the US organization experienced a successful phishing attack in 2019, which is nearly 10% higher than the world’s average.

Example: One of the most consequential phishing attacks occurred in 2016 when attackers managed to hack the Gmail account of Hillary Clinton campaign chairman John Podesta. Within hours of US election results, Russian hackers sent phishing emails (from spoofed Harvard University email addresses) to publish fake news.

4. Worm

Blaster worm displaying a message  

A standalone, self-replicating malware 

A computer worm spreads copies of itself from device to device. It replicates itself without any user interaction and attaches itself to a software program to cause damage.

While most worms get into devices through attachments in spam emails or instant messages, they can also be transmitted via software vulnerabilities. Once these attachments are opened or installed, they work silently in the background, infecting system files.

Worms can inject malicious script and modify/delete existing files. Some worms are designed to exhaust system resources, such as memory space or bandwidth. They do so by making copies of themselves and overloading a shared network.

Worms can also exploit loopholes in the operating system, application security, or network configuration errors to copy themselves onto a fully accessible disk and spread those copies over public networks.

Example: The first computer worm with real-world impact was developed by Robert Morris in 1988. Named after its developers, Morris Worm caused denial of service for about 10% of the 60,000 machines connected to ARPANET. In 2003, another worm named Blaster launched DDoS attacks against Microsoft’s own server, infecting as many as 2 billion devices.

3. Keylogger

Records keys struck on a keyboard without users’ knowledge 

Keystroke logging tools are one of the oldest forms of malware, dating back to typewriters. It is still used as part of larger cyber attacks. At its most basic definition, a keylogger traces the keystrokes on a computer.

Although it’s a simple software, attackers can use it as a potent tool to steal users’ data and sensitive information typed in through a keyboard. This gives attackers the benefit of accessing email IDs, passwords, account numbers, PIN codes, and other confidential information.

The hardware-based keyloggers can be plugged inline between a keyboard and a computer, or installed via BIOS-level firmware. The software-based keylogger can be installed through webpage scripts or attachment files from a phishing mail. It is installed automatically when a user visits a harmful site or opens a suspicious file attached to an email.

Example: In 2000, the FBI used a keylogger to catch two Russian cybercriminals. The keylogger was covertly installed on a machine, and the FBI used to access suspects’ computer in Russia. FBI was able to obtain enough evidence to prosecute them. In 2018, Google removed 145 apps from the Play Store that contained keylogging malware.

2. Human Error

Employees occasionally make mistakes that lead to major data breaches 

Humans are often the weakest link in data breach defenses. For instance, IT teams may accidentally expose customers’ personal information by misconfiguring servers, or employees may forward the company’s report to an outsider via emails that are sent in bulk.

According to the study conducted by the UK Information Commissioner’s Office (ICO), human errors caused 90% of cyber data breaches in 2019.

CybSafe, a cloud-based cybersecurity awareness platform, reported that 9 out of 10 of the 2,376 breaches reported to the ICO in 2019 were caused by faults made by end-users. This is 61% and 87% up from the previous two years.

Example: In 2017, the SSL certificate used by LinkedIn for its country subdomains expired. While this event didn’t affect, it did invalidate along with a few other subdomains. As a result, millions of users weren’t able to access LinkedIn for several hours.

Read: What Is A Firewall? Definition | Types | Working Principle

1. Improper Disposal or Irresponsible Resale

Many organizations don’t destroy outdated hardware properly 

Organizations, specifically small ones, often do not take data security in mind while upgrading hardware and infrastructure. The end of the hardware lifecycle is a crucial aspect of responsible storage management.

Not all data breaches are caused by hacking. Some are results of improper disposal and irresponsible resale. In order to secure confidential data, companies must decommission data or physically destroy hardware.

The National Institute for Standards and Technology has published guidelines for proper media sanitization and data disposition. They suggest that software-based methods, such as purge-level sanitization, can’t completely eliminate data from all storage regions on the media surface.

Example: In 2017, desktops from a government office in the City of Houston were sold in an online auction. After investigation, it was found that 23 out of 38 computers had hard drives full of private information.

Read: 13 Different Types of Computer Viruses

In the same year, ShopRite pharmacy in New Jersey discovered an electronic device that had been disposed of without first wiping its storage. It contained personal information of 10,000 patients, including their names, date of birth, signatures, phone numbers, ad medical prescription.


Leave a comment

Please note, comments must be approved before they are published

Bananas Store Phone Case

Bananas Store - The best place to buy phone cases

Banana Store is a global brand of accessories and cases for smartphones, from power bank, cable, charger, to all kinds of cases. Our products are for all smartphones on the market today. Including iPhone 12 Pro Max Cases. iPhone 11 Pro Max Cases, Galaxy Note 20 Cases, Galaxy S20 Cases ... There are many cute and luxurious cladding patterns here, its characteristics are very durable, good impact resistance, water resistance, and perfect fingerprint resistance. Our cladding products are widely available in international markets, United Stated (US), United Kingdom (UK), Australia (Au), Canada ...

About us

The Bananas Store was founded in 2016. We began globally and opened offices in the United States. We hit 1 million shipped pieces in 2017. With the goal of arousing self-expression, 2018 is the year we begin creating new products! In 2019, we've got over 2 million Instagram ads and cool people! In fashion and thoughtful mobile phone cases and accessories, Bananas Store is a pioneer. To transform your iPhone or Android into an accessory to brag about, we use quality materials and practical design. Bananas Store has ensured that every design is designed to protect your style and to complement it. Our products are designed to withstand drops from various heights on several different materials, to keep the phone intact, whether it is fitted with military-grade shock absorbing layers or the 10 'foot-die safety cast copper mold. For the newest smartphones, such as iPhone Xs Max, iPhone Xs or iPhone XR, we have a range of case styles. Bananas Store's Qi-certified mobile covers, screen protectors, and wireless chargers are protected by promises you can trust, in addition to attention to detail and sophistication in design. Our confidence in our products is shown by this guarantee. Our devoted customer service team is here to help if you find yourself in need of a replacement!

Our mission

Bananas Store is the world's leading brand of smartphone accessories, specializing in designing all types of mobile and tablet technology fashion cases. Since 2006, with products that cover, embellish and elevate their mobile devices, the company has helped customers express their personal style. The Bananas Store's team of design and technology enthusiasts have developed a series by collaborating with top designers from around the world and using cutting-edge technology and special materials. Suitable for all designs and all times. Rich box cover. Bananas Store is known as a dedicated address providing more than 500 types of cases for different phone lines, diverse materials, highest quality in the market, and affordable prices. With eye-catching designs that capture the heart of anyone at first sight, Bananas Store always satisfies its guests. It can be the combination of the signature and the flower on the phone case itself, or the fun, varied designs based on famous brands that are printed super sharp on the high quality case. .. and all of them always meet the three criteria: "Beautiful - toxic - substance". With the development of science, technology and technology together with the increasing demand and taste of customers, Bananas Store has been gradually upgrading workshops and always updated products, designs, and numbers. the quality and designs of the latest iphone & ipad and Samsung accessory market items. We're major believers in self-expression, so we just wanted to show it to those who dream and like to play, who decide that there's nothing lower than what's best for a shell. A phone of theirs!

Our products

Currently, the need to buy cases is huge, almost everyone who buys a phone buys the case because they want to protect the phone as well as meet the aesthetic elements for the phone. Bananas Store is a rich store with diverse designs of all materials, eye-catching colors to suit the tastes of consumers, especially for young people. IRing Ring Attachment Case, cute photo print back cover, tempered glass back cover, high-grade plastic panel with unique 5D printing technology, ... in large numbers currently available at Ha Duc Accessories All are enough for the most popular smartphones on the market such as iPhone, Samsung, Oppo, ... Printing workshop with the most modern printing technology closed line from Japan UV printer MIMAKI ultra large format 2.4m X 1.8m. The machine uses 8 RICOH GEN5 embossed 5D - 10D nozzles as required for true, fresh colors like a FULL HD photo 3 times sharper than conventional printers, along with the function of coating the textures. Small highlights and beauty for the product, French ink is extremely durable and safe for users. In addition to phone cases, Bananas Store also provides a number of other accessories such as camera sticks, charger toads, charging cables, technology toys, music speakers, romoss backup batteries, technology items, ... The variety, variety, price corresponding to that quality is what can be said about the phone cases that Bananas Store offers to the market. Moreover, with easy online payment policy, fast shipping and reputable return warranty, Bananas Store is always a reliable address for customers around the world who import wholesale and retail phone cases. FOR FURTHER DETAILS PLEASE CONTACT: Add: 2220 Meridian Blvd, Suite #FB114, Minden, NV 89423, US Email: