What can cause a data breach?

The term data breach may strike fear into the hearts of business owners and IT personnel, especially those in charge of securing important information.

Trend Micro defines a data breach as: "The exfiltration – the release of data from a system without the knowledge or consent of its owner."

When a data breach occurs, sensitive employee and customer data, payment information, company details and other types of data can be stolen and distributed. It's easy to see just how damaging these events can be – one only has to look at the high-profile breaches that occurred in 2014.

So, it's obviously important to put the right security measures in place and conduct IT security training, but how do these breaches occur in the first place?


This is likely what most people will think of when they think of a data breach, as they commonly make headlines. Such attacks usually stem from malicious third parties that are either seeking to steal information for personnel financial gain, or perhaps on behalf of another group.

The truth is, cyberattacks aren't the biggest cause of data breaches and are also one of the easier 'threat vectors' to protect against.

Unwitting employees

This is what's also known as an internal breach, when the business itself is responsible for the information leak. Most commonly, unwitting staff are responsible. The breach could stem from an employee who doesn't understand a particular system, or perhaps a lost device.

For example, a staff member could leave an unlocked smart phone, tablet or laptop in a public place, which subsequently makes it easy for an attacker to to steal information.

Revenge attacks

The final cause is a revenge attack – carried out by a disgruntled employee, or perhaps someone who has recently been let go but not had security access revoked. It's all too easy for a person who has left the company in such a way to feel a need to exact revenge on the business.

While these people may not be after financial information or attacking for personal gain, they can do far more damage simply by attacking for the sake of it.

Data breaches are only likely to become more dangerous over the next few years, as businesses continually invest in technological endeavours. New online platforms and services are all ripe targets for businesses.