Wham—news of a data breach breaks. Updates flood the internet, accusations fly between parties, and everyone speculates. Why? How? What happens now?
Amid the chaos and the hype, it can be difficult to get clear, accurate information about what’s really going on when a data breach occurs. While data breaches are certainly a complex issue, equipping yourself with basic knowledge of them can help you to navigate the news, to handle the aftermath, and to secure your data as best as you can.
Let’s get the story straight on why data breaches happen by looking at four common myths…
Data Breach Myth 1: Data breaches happen when someone at a company or organization steals data.
While the scandal of an insider hack seems oh-so-Hollywood, this is rarely the case.
The reality? In 2012, according to an annual study by Verizon, 94% of data breaches were perpetrated by outsiders. These outside hackers may not even be in the same country as the organization they hack.
Because most data breaches are not insider jobs, even organizations that you trust are at risk of having a breach. It’s not as simple as picking out bad apple employees or avoiding sketchy companies. In fact, it’s not only companies that need to worry about their data security…
Data Breach Myth 2: Data breaches only happen at stores where you make purchases.
When you hear the phrase “data breach,” what comes to mind? If it’s Target, you’re not alone. The magnitude of the Target Data Breach during the 2013 holiday season was unprecedented, with up to 70 million cards affected. The aftermath and press coverage continues even months after the incident. It’s easy to see why large retail stores seem like the new face of data breaches.
Yet, it’s important to remember that all sectors are at risk of experiencing a data breach because of the value of data. Just look at Indiana University, University of Maryland, Yahoo, the state of South Carolina, and the California DMV, who all recently experienced data breaches. In fact, retail accounts for only 15% of all data records lost or stolen, according to SafeNet.
Hackers are not just after credit card numbers that they can fraudulently charge. Other sensitive information—name, email, address, or social security number, for example—can be sold or abused for a profit. It’s important to use caution when you give out any of your data online or in person, and not only when you swipe your card.
Data Breach Myth 3: Data breaches happen every once in a while when there is a hole in security.
Data breaches happen all the time. A report by the Online Trust Association estimated that over 740 million personal records were exposed in 2013 alone, over the course of 614 breaches (Identity Theft Protection Center). We don’t always hear about data breaches because companies are currently not required to disclose this information. In the aftermath of the Target data breach, Congress is attempting to pass legislation requiring timely data breach notification.
Though data breaches hinge on exploiting a “hole” in security, this oversimplifies the problem. It’s impossible for the average consumer to know the ins and outs of a company’s security practices, and even if this information was made available, we could not predict what barriers hackers could break down to access valuable data. The real security hole is the poor standard of data security across the board.
Data Breach Myth 4: Data breaches happen because companies are careless.
The increasing frequency and magnitude of data breaches is a clear sign that organizations need to prioritize the security of personal data. Breached companies are guilty of carelessness with private information, but we have to remember that the data breach game has an element of chance: many organizations that have not been breached are still gambling with user data by not ramping up their security standards.
So while it’s easy—and justified—to point fingers at companies that experience breaches, it’s important to remember these occurrences are symptoms of a larger problem. Collaboration between all sectors, including governments, banks, credit cards companies, retailers, and consumers, will be needed in order to raise the security bar.