Blog: Data breaches: what is it and what are the consequences?

The digitisation of our society brings many benefits: it saves us time, we are accessible everywhere, we work more from home, buy online, pay faster, can access our medical records, and so on. However, every coin has a downside. To take advantage of these benefits, we are increasingly forced to leave our personal data with companies and agencies. Sensitive information that cybercriminals are only too happy to access. We hear the word ‘data breach’ more and more often in the news. Think of the cyber attack on the KNVB, the Personal Data Authority concluding that everyone's personal data is on the street, the severity of data breaches increasing, and so on. When a company faces a data breach, it can have serious consequences. For the company itself, but also for consumers.

As a leading data processing company, EDM helps companies increase their return on data. We breathe data and are therefore more aware than anyone else of the risks involved in data processing. At a time when consumer privacy is key and technological developments are rapid, it is extremely important to do everything possible to minimise the risks of a data breach. From our perspective, we can offer some tools that reduce the risk of this. In this diptych, we will tell you more about data breaches, related to personal data. Part 1: what it is and what are the consequences, part 2: how to mitigate the risks of a data breach.

What is a data breach?

We speak of a data breach when unauthorised persons gain access to confidential or personal information. A data breach can occur when data is stolen, lost, misdirected or otherwise exposed to external or unauthorised persons. A data breach can be distinguished into 3 categories:

  • Breach of confidentiality: where there has been intentional or unauthorised disclosure or access to personal data.
  • Breach of integrity: where intentional or unauthorised changes to personal data have been made.
  • Breach of availability: when intentional or unauthorised destruction of personal data has occurred.

How can a data breach occur?

A data breach can have various causes, which certainly do not always involve intent. For example, the loss of an unencrypted USB stick containing personal data or accidentally sending sensitive files to the wrong recipient. However, cybercriminals often use phishing and public networks to gain access to data. They often use fake e-mails or impersonate public networks to gain access to account and personal data. Social engineering is another method where criminals try to exploit human weaknesses to gain access to systems.

Insufficient security and encryption of data also increases the risk of data leakage, as hackers can more easily access personal data or infect servers with ransomware. So sending data securely is not enough; it is important to also take adequate security measures to prevent data breaches. The lack of up-to-date security measures, such as firewalls, antivirus software and regular software updates, can lead to vulnerabilities in systems. This opens the door for hackers to gain unauthorised access to personal data.

What should you do if you face a data breach?

When a data breach has occurred, an organisation or agency should plug this leak as soon as possible. In addition, they need to understand how extensive the damage is in order to then inform customers about the data breach. This will let customers know that they should be extra alert and change login details. There is a duty to report data breaches. This means that companies and governments must report data breaches directly to the Personal Data Authority (AP). The Personal Data Authority is an independent regulator in the Netherlands dedicated to monitoring personal data. Does an organisation fail to report a data breach? If so, there could be financial consequences.

What are the consequences of a data breach?

The consequences of a data breach are often far-reaching and twofold, namely for an organisation and for consumers. It is therefore important to not only be aware of how to prevent a data breach, but also what the consequences might be if a data breach occurs.

Organisations and authorities

In the event of a serious data breach, organisations and agencies are obliged to report it to the Personal Data Authority.

  • Financial impact: Data breaches can have a major financial impact for an organisation. If the reporting obligation is breached, the Personal Data Authority can impose a fine on an organisation, which can be substantial. The concealment of a data breach with a high risk for all stakeholders can also result in a fine. Not only fines, but also repairing the damage comes at a high cost. Think of detecting and resolving the data breach, notifying (affected) customers and possible damages.
  • Business processes: Besides the financial impact, a data breach can also affect business processes. Services critical to an organisation may come to a halt. Think of ransomware blocking access to personal data, preventing customer service, for example, from processing customer requests, solving problems or answering questions.
  • Reputational damage: Finally, there is the possibility of reputational damage. If your organisation suffers a major data breach, its image suffers a major blow. Trust is severely damaged, making people more likely to switch to competitors. Ultimately, this in turn will impact financially.

Consumers

For consumers, a data breach can also have far-reaching consequences. Identity fraud is a common problem, where criminals use personal data, for example, to assume someone else's identity and make purchases without payment. Scams, particularly via phishing, are another form of fraud that can lead to sensitive information being obtained. Moreover, data breaches can threaten high-profile individuals, such as politicians, where their security may be compromised. It is therefore essential to take the consequences of data breaches seriously and take appropriate measures to protect consumers' privacy and security.

In part 2, you will read more about how you can reduce the risks of a data breach and we will give you some practical tools you can use right away. If you want to know how EDM can make your organisation future-proof, read more about our data & cloud expertise. Or contact us, and we will be happy to discuss this topic with you.