Scribd
Upload
9 views

Data Breach Presentation

The presentation discusses data breaches, defining them as unauthorized exposure of sensitive information that can affect individuals, businesses, and governments. It outlines causes, targets, and potential damages of data breaches, including identity theft and reputational harm. Preventative measures such as software updates, encryption, and employee education are recommended to mitigate risks.

Uploaded by

Sidharth
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
9 views

Data Breach Presentation

The presentation discusses data breaches, defining them as unauthorized exposure of sensitive information that can affect individuals, businesses, and governments. It outlines causes, targets, and potential damages of data breaches, including identity theft and reputational harm. Preventative measures such as software updates, encryption, and employee education are recommended to mitigate risks.

Uploaded by

Sidharth
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

VAC

DIGITAL EMPOWERMENT
Presentation

Data breaches
Presented by – Sidharth
Course – B. Com (H)
Roll no. - 589

Presented to – Geeta Ray


INTRODUCTION

Data breaches can be far more than a temporary terror- they may
change the course of your life. Businesses, governments, and
individuals alike can experience huge complications from having
sensitive information exposed. Whether you are offline or online,
hackers can get to you through the internet, Bluetooth, text messages,
or the online services that you use. Without proper attention to detail, a
small vulnerability can cause a massive data breach.
WHAT IS A DATA BREACH?

To define data breach: a data breach exposes confidential, sensitive, or protected


information to an unauthorized person. The files in a data breach are viewed and/or
shared without permission.
Anyone can be at risk of a data breach from individuals to high-level enterprises and
governments. More importantly, anyone can put others at risk if they are not
protected. In general, data breaches happen due to weaknesses in:
1) Technology
2) User behavior
As our computers and mobile devices get more connective features, there are more
placesfor data to slip through. New technologies are being created faster than we
can protect them.
HOW DO DATA BREACHES HAPPENS?

The common assumption is that data breaches are caused by outside hackers but that’s not always true.
Some more reason for data breaches are as follows-:
1)An Accidental Insider-: An example would be an employee using a co-worker’s computer and reading
files without having the proper authorization permissions. The access is unintentional, and no information
is shared. However, because it was viewed by an unauthorized person, the data is considered breached.
2)A Malicious Insider-: This person purposely accesses and/or shares data with the intent of causing
harm to an individual or company. The malicious insider may have llegitimat authorization to use the data,
but the intent is to use the information in nefarious ways.
3) Lost or Stolen Devices -: An unencrypted and unlocked laptop or external hard drive →anything that
contains sensitive information goes missing.
4)Malicious Outside Criminals-: These are hackers who use various attack vectors to gather
information from a network or an individual. Acts include Phishing, Malware etc.
TARGETS OF DATA BREACHES

Common vulnerabilities targeted by malicious criminals include the following:


1) Weak credentials -: The vast majority of data breaches are caused by stolen or credentials. If malicious criminals have your
username and password combination, they have an open door into your network. Because most people reuse passwords,
cybercriminals can use brute force attacks to gain entrance to email, websites, bank accounts, and other sources of Pll or financial
information.
2) Stolen credentials -: Breaches caused byphishing are a major security issue and if cyber criminals get hold of this Personal
information, they can use it to access things like your bank and online accounts.
3) Compromised assets -: Variousmalware attacksare used to negate regular authentication authentication steps that would
normally protect a computer.
4) Payment Card Fraud-: Card skimmers attach to gas pumps or ATMs and steal data whenever a card is swiped.
5) Third-party access -: Although you may do everything possible to keep your network and data secure, malicious criminals
could use third-party vendors to make their way into your system.
6) Mobile Devices -: When employees are allowed to bring their own devices into the workplace, it’s easy for unsecured devices
to download malware-laden apps that give hackers to data stored on the device. That often includes work email and files as well
as the owner’s Pil.
WHAT DAMAGE DATA BREACH CAN DO?

The effects of a data leak can be a lasting issue for your reputation, finances, and more.

1) For business organizations -: a data breach can have a devastating effect on an organization’s reputation
and financial bottom line. Organizations such as Equifax, Target, and Yahoo, for example, have been the victims of
a data breach. And today, many people associate/remember those companies for the data breach incident itself,
rather than their actual business operations.
2) For government organizations-: compromised data can mean exposing highly confidential information to
foreign parties. Military operations, political dealings, and details on essential national infrastructure can pose a
major threat to a government and its citizens.
3) For individuals-: identity theft is a major threat to data breach victims. Data leaks can reveal everything from
social security numbers to banking information. Once a criminal has these details, they can engage in all types of
fraud under your name. Theft of your identity can ruin your credit, pin you with legal issues, and it is difficult to fight
back against.
While these are common cases, the harm done by data breaches can extend far beyond these situations. So, it is
essential that you investigate whether your data has already been exposed.
HOW TO PREVENT BEING A DATA BREACH
VICTIM?

Here are a few best practices to avoid a data breach:

1. Patching and updating software as soon as options are available.


2. High-grade encryption for sensitive data.
3. Upgrading devices when the software is no longer supported by the manufacturer.
4. Enforcing BYOD security policies, like requiring all devices to use a business-grade VPN service
and antivirus protection.
5. Enforcing strong credentials and multi-factor authentication to encourage better user cybersecurity
practices. Encouraging users to start using a.password manager can help.
6. Educating employees on best security practices and ways to avoid socially engineered attacks.
SOME OF THE BIGGEST DATA BREACHES
OF 21 CENTURY
ST

1) Yahoo

Date: August 2013


Impact: 3 billion accounts
The company first publicly announced the incident – which it said took place in 2013-in December
2016. At the time, it was in the process of being acquired by Verizon and estimated that account
information of more than a billion of its customers had been accessed by a hacking group. Less than a
year later, Yahoo announced that the actual figure of user accounts exposed was 3 billion. Yahoo stated
that the revised estimate did not represent a new “security issue” and that it was sending emails to all
the “additional affected user accounts.”
2) Facebook

Date: April 2019


Impact: 533 million users
In April 2019, it was revealed that two datasets from Facebook apps had been exposed to the public
internet. The information related to more than 530 million facebook users and included phone numbers,
account names, and Facebook Ids. However, two years later (April 2021) the data was posted for free,
indicating new and real criminal intent surrounding the data. In fact, given the sheer number of phone
numbers impacted and readily available on the dark web as a result of the incident, security researcher-
Troy, Hunt added functionality to his HavelBeenPwned (HIBP) breached credential checking site that
would allow users to verify if their phone numbers had been included in the exposed dataset.”
3) LinkedIn
Date: June 2021
Impact: 700 million users
Professional networking giant linkedin saw data associated with 700 million of its users posted on a
dark Web forum in June 2021, impacting more than 90% of its user base. A hacker going by the
moniker of “God User” used data scraping techniques by exploiting the site’s (and others’) API before
dumping a first information data set of around 500 million customers. They then followed up with a
boast that they were selling the full 700 million customer database. While Linkedin argued that as no
sensitive, private personal data was exposed, the incident was a violation of its terms of service
rather than a data breach, a scraped data sample posted by God User contained information
including email addresses, phone numbers, geolocation records, genders and other social media
details, which would give malicious actors plenty of data to craft convincing, follow-on social
engineering attacks in the wake of the leak, as warned by the UK’s NCSC.
THANK YOU !

You might also like