What is a data breach?
A data breach is a security incident in which nefarious or unauthorized parties access confidential or sensitive data (information). This data could include anything from banking or financial data to intellectual property (IP) and healthcare records.
While similar to a cyberattack, where malicious actors attempt to negatively impact a target system in a variety of ways, a data breach is distinct in that it involves only those security incidents where the malicious or unauthorized party successfully gains access to sensitive data.
What are the risks of a data breach?
For a target organization
Financial implications: Data breaches can carry significant financial consequences, from legal fees to regulatory fines and the cost of remediating the breach; financial impact is a top concern.
Reputational implications: Organizations that have experienced a data breach stand to suffer reputational consequences. Loss of trust, and the resulting loss of business, are common after-effects of a data breach.
Operational impacts: Considerable downtime, combined with the financial strain on the organization as a whole, means it is not business as usual.
Compliance and legal implications: Under regulatory laws and standards such as GDPR and PCI DSS, organizations can face significant legal consequences.
For the individual whose data was stolen
Financial Implications: Individuals with compromised sensitive data might face financial challenges; bad actors can use their personal information to open fraudulent loans, make purchases, and negatively impact their credit.
Identity theft: Data like social security numbers, addresses, and bank account numbers can allow bad actors to assume the identity of the victim.
Reputational Impacts: Sensitive data can be used against victims, particularly those in a position of power or authority, or those who have a lot to lose.
Privacy impacts: Private and personal information might be exposed to unwanted eyes.
How does a data breach work?
Data breaches follow a process of research, attack, and exfiltration:
1. Research: Bad actors (or attackers) begin by researching their target. This research involves identifying any weaknesses within the target organization: Are its systems out of date? Is it lacking in physical or IT security? Are any employees lax in their security responsibilities?
2. Attack: After identifying viable attack vectors, a bad actor will perform their attack. Attack types include social attacks and network-based attacks:
Social attacks are performed using social engineering tactics: phishing emails are a prime example. A phishing email will contain malware that enables the attacker to gain access to the target network.
Network-based attacks target infrastructure weaknesses: exploiting vulnerabilities in the target network and SQL injection are popular approaches.
3. Exfiltration: After successfully accessing the target system, a bad actor will extract the sensitive data they were targeting within the network. After retrieving the data, bad actors may opt to blackmail the target, sell data on the dark web, or even use information gleaned from the data to share confidential findings with the public.
What are the most common forms of data breach?
Data breaches target a variety of popular attack vectors:
Social engineering attacks: Use of manipulation to influence employees of a target company into unknowingly or accidentally sharing compromising security information, allowing attackers to access company systems.
Phishing attacks: A form of social engineering attack, phishing involves the use of fraudulent emails, texts or social posts to prompt an employee to either share login credentials or inadvertently download malware that allows attackers to access company systems.
Compromised credentials: Brute force attacks, purchase of stolen credentials on the dark web, or sharing of passwords by ill-intentioned employees can all give attackers access to company systems.
Ransomware: A type of malware that essentially holds data hostage until a victim pays a ransom in order to ‘release’ it.
Vulnerabilities: Any weaknesses within endpoints, APIs, applications, software, websites or operating systems pose a viable attack vector for bad actors.
Physical security failure: Bad actors can also physically access offices, systems and devices of target organizations and their employees, allowing them access to sensitive data.
Misconfigurations: Outdated, inaccurate or weak configurations (settings) within an application, network, device or system can leave a weak point for bad actors to exploit.
SQL injection: Taking advantage of weaknesses in how a database-backed application or website builds its Structured Query Language (SQL) queries, SQL injection attacks supply input that is interpreted as query code rather than as data, giving the attacker unintended access to the database.
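The SQL injection item above is easiest to understand with a side-by-side of a vulnerable lookup and its parameterized fix. This is an added illustration, not code from the original page or from Fastly; the table, rows and test input are constructed, and the lookup functions are hypothetical names chosen for the demo.

```python
import sqlite3

# Constructed sample data: a small customer table standing in for the
# "sensitive data" a breach targets.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.com", "4111-xxxx-xxxx-1111"),
    (2, "bob", "bob@example.com", "5500-xxxx-xxxx-2222"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, username TEXT, email TEXT, card TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # User-controlled input is pasted straight into the SQL text, so the
    # input is interpreted as query code rather than as a value.
    query = f"SELECT username, email, card FROM customers WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # The driver binds the value separately from the statement; whatever the
    # input contains, it can only ever match (or fail to match) a username.
    query = "SELECT username, email, card FROM customers WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Constructed test input: a tautology that makes the WHERE clause always true
# when it is spliced into the vulnerable query text.
TAUTOLOGY = "nobody' OR '1'='1"


def demo() -> dict:
    # Row counts returned by each variant for a normal and a hostile input.
    conn = make_db()
    return {
        "normal_vulnerable": len(lookup_vulnerable(conn, "alice")),
        "normal_safe": len(lookup_parameterized(conn, "alice")),
        "injected_vulnerable": len(lookup_vulnerable(conn, TAUTOLOGY)),
        "injected_safe": len(lookup_parameterized(conn, TAUTOLOGY)),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable variant returns every customer record for the hostile input, which is exactly the kind of bulk disclosure the page describes; the parameterized variant returns nothing because the input is only ever compared as a username.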
How can you prevent a data breach?
The following are best practices for preventing, or at least lowering the risk of, a data breach:
Implement robust security measures: A multi-layered security program that accurately and proactively identifies vulnerabilities across an organization’s systems is a must. Regular security audits and reviews of security practices help minimize the risk of a data breach.
Foster a security culture: A security-as-culture mindset can help ensure that all employees within an organization understand and prioritize their role in security. An organization's security is only as strong as its weakest link: a single employee can pose enormous risk to overall security.
Patch systems and networks promptly: All networks and systems should be regularly patched and updated to the newest available versions. Regular software patching is critical to avoid leaving gaps that are easy to exploit.
How can Fastly help prevent data breaches?
The Fastly Next-Gen WAF provides advanced protection for your applications, APIs, and microservices, wherever they live, from a single unified solution. With protection that goes beyond OWASP Top 10 injection-style web attacks, you gain coverage against advanced threats, including account takeover (ATO) via credential stuffing, malicious bots, API abuse, and more, all in one solution.
API Protection
Stop API abuse by monitoring for unexpected values and parameters submitted by endpoints and blocking unauthorized requests. Fastly can detect and block attacks in SOAP, REST, gRPC, WebSockets, and GraphQL APIs. Learn more about our GraphQL Inspection.
Account Takeover
Block account takeover (ATO) attacks by inspecting web requests and correlating anomalous activity with malicious intent.
Fastly Client-Side Protection
Prevent theft and misuse of customer data with a complete set of tools for script inventory and management. You’ll be able to fully document, understand, and manage your client-side attack surfaces in real time to stop client-side attacks and meet your compliance objectives.