A data breach is a situation in which data is inadvertently released to or accessed by unauthorized individuals. The term is usually used in reference to electronic data breaches in which data on computers, servers, and discs falls into the wrong hands, although hard copies of data can also be subject to a data breach. Data breaches are a very serious safety and security issue everywhere from university campuses to the depths of government intelligence agencies.
In some cases, a data breach is caused by mishandling of data. Someone with access to classified data might accidentally leave it in a vulnerable location, as for example when a company employee accidentally leaves his or her laptop out. When data is improperly secured with passwords and other safety measures, it can also be accessed by people who are not authorized to see it. Sometimes, a data breach occurs simply because no one thought to secure the data.
Data breaches can also be the result of deliberate infiltration by someone who wants to access classified data. Hacking into computer systems can create a considerable data breach, as the hacker may have access to numerous databases at all security levels. Theft of data storage devices like hard drives can also constitute a data breach, as someone may be able to access the data by cracking the security measures to get to it.
Depending on the data which is accessed, a data breach can range from embarrassing to a threat to national security. Commonly, data breaches involve the theft of personal information for the purpose of fraudulent applications; a data thief might take names, personal identification numbers, medical histories, addresses, and other information for the purpose of identity theft, blackmail, or other activities. People may also breach a security system to obtain data to sell, such as trade secrets and documents pertaining to national security, ranging from detailed architectural plans of sensitive locations to codebooks used to encrypt transmissions.
The rise of data breaches as more and more data was stored in electronic form in the early 21st century led to growing government responses to data breaches. Many nations have laws in place which require businesses to inform customers if they are involved in a data breach. For example, if a bank's servers are hacked, it must notify all of its customers that there was a breach, and that it is investigating, and after an investigation, secondary notifications will be sent out to customers who were directly affected so that they can take steps to protect their financial accounts and identities.