Key takeaways:
- A data breach occurs when personal information is accessed or exposed without permission, such as login credentials, customer records, or payment details.
- Most data breaches start with common tactics like phishing, stolen passwords, malware, or unpatched software.
- Effective data breach prevention requires layered security: MFA + strong passwords, regular updates, SSL/HTTPS encryption, monitoring/scanning, and backups.
Your personal information is more valuable than you think, and cybercriminals know it.
Every time you shop online, create an account, or share personal data such as bank account numbers or other sensitive financial information with a business, that data lives somewhere on a server. If those servers are compromised, millions of people can be affected almost instantly.
Read on to learn what a data breach is, why it matters, how it happens, and what data breach prevention looks like for businesses that store personal data.
What is a data breach?
A data breach is a security incident in which sensitive, protected, or confidential information is accessed, disclosed, stolen, or shared without authorization. It can happen through hacking, accidental exposure, insider misuse, or a simple system misconfiguration. However it happens, the result is the same: private information ends up in the wrong hands.
In the U.S. alone, the Identity Theft Resource Center (ITRC) tracked 3,322 data compromises in 2025, a new record. Even more eye-opening: 80% of surveyed consumers said they received a data breach notice in the last 12 months. And globally, Verizon’s 2025 DBIR analyzed 12,195 confirmed data breaches in its dataset.
For websites with user accounts, data breaches usually involve information like:
- Names
- Email addresses
- Usernames and passwords
- Home addresses
- Birthdates
- Social Security numbers
- Driver’s license numbers
- Passport numbers
- Bank account or payment details
And here’s the truth: data breaches aren’t just alarming and damaging to your credibility—they can also get expensive. IBM’s research puts the global average cost of a data breach at $4.44M in 2025, with the U.S. average at $10.22M.
The bottom line: If customers trust you with their personal data, you need to protect it as carefully as you protect your revenue. A data breach can put both at risk.
Some of the biggest data breaches in US history
To understand the stakes, here are a few data breaches that changed the conversation around data security:
Conduent (2024)
In 2024, business services provider Conduent disclosed a data breach affecting up to 25 million individuals, making it one of the largest US corporate breaches reported that year. Exposed information reportedly included personal and financial data tied to services Conduent operates for government agencies and large enterprises, prompting investigations and legal scrutiny over its data‑handling practices.
Yale New Haven Health System (YNHHS) (2025)
In March 2025, Connecticut’s largest non-profit health system suffered a ransomware attack exposing 5.5 million patient records—the biggest healthcare breach of 2025. Compromised data included names, addresses, phone numbers, emails, DOBs, race/ethnicity, medical record numbers, and SSNs (no EMRs or financial data accessed). It triggered lawsuits and an $18M settlement with two years of free identity protection.
Progress Software – MOVEit vulnerability (2023–2024)
In June 2023, Progress Software disclosed a zero‑day SQL injection flaw in its MOVEit Transfer and MOVEit Cloud products that allowed attackers to breach customer environments and steal files. The incident ultimately affected more than 2,500 organizations and an estimated 94 million people worldwide, with total damages projected at more than 15 billion dollars.
AT&T (2024)
In 2024, AT&T was linked to a major data leak that exposed a dataset containing roughly 110 million customer records, including names, Social Security numbers, and dates of birth, drawn from both legacy and more recent sources. The incident combined an older cache of repackaged data with a newer breach tied to a third‑party Snowflake environment, underscoring how legacy data retention and vendor security can amplify long‑term risk.
Data breach vs. security breach: What’s the difference?
These two terms get used interchangeably, but there’s an important difference.
- A security breach is unauthorized access to a system, network, or account.
- A data breach occurs when sensitive data is accessed or exposed.
| | Security breach | Data breach |
|---|---|---|
| Simple definition | Unauthorized access to a system, network, or account | Sensitive data is accessed, exposed, or stolen |
| What’s affected | Systems, apps, logins, infrastructure | Personal info, financial data, corporate data, customer records, credentials |
| What it looks like | Someone gets into your admin panel, server, or email account | Data gets viewed, downloaded, leaked, or shared publicly |
| Impact | Risk increases—but damage may be limited if caught early | Direct exposure of sensitive info (often triggers notifications, legal steps, reputational harm) |
| Can it happen without the other? | Yes. Access happens, but no sensitive data is taken | Sometimes. Data can be exposed accidentally (like a public database) even without “hacking” |
Here’s one way to look at it: a security breach is like someone breaking into your building. A data breach is when that person actually gets their hands on your files. With the right monitoring and alerts, you might spot a security breach in time to stop it before any sensitive data is stolen.
Read our guide, “What is website security? Beginner’s guide to protecting your site,” for more information.
Types of data breaches
Knowing the different types of data breaches can help you build a stronger prevention plan.
| Breach type | Definition | Example |
|---|---|---|
| Hacking or malware | External attackers exploit vulnerabilities or use malicious software to access systems and exfiltrate data. | Ransomware encrypts company files and steals copies of customer data for financial gain. |
| Phishing & social engineering | Attackers trick users into revealing credentials or downloading malware. | A fake “account verification” email steals employee logins to business email, then attackers pivot into CRM data. |
| Credential‑based attacks | Stolen, reused, or weak passwords are used to log into accounts directly. | Attackers try leaked username–password pairs across banking or SaaS logins until one works. |
| Insider breaches | Employees or contractors misuse their access, either maliciously or through negligence. | An employee downloads customer-sensitive data to a personal device and later loses it. |
| Lost or stolen devices | Laptops, phones, USB drives, or hard drives with sensitive data go missing. | An unencrypted laptop with thousands of patient records is stolen from a car. |
| Misconfiguration / accidental exposure | Databases or cloud storage are left open to the internet without proper access controls. | A cloud storage bucket with customer invoices is indexed and scraped by bots. |
| Third‑party / vendor breaches | A supplier, partner, or service provider is breached and attackers access your data through them. | A payment processor is hacked, exposing card details from hundreds of online stores. |
How do data breaches happen?
There are many ways a data breach can occur, but most attackers follow a familiar pattern. Here’s how it typically happens:
- They research the target
- They choose an attack method
- They extract the data
Step 1: They research the target
Before they attack, malicious actors often spend time learning how your business works and where your weak spots might be. They may look for:
- Which employees or roles they can impersonate
- What software your website runs (CMS, plugins, login portals)
- Whether data lives in the cloud, on servers, or in a third-party tool
- Public-facing clues like exposed admin pages, error messages, or outdated components
Step 2: They choose an attack method
Once they know what’s easiest to exploit, attackers decide how to get in:
- Direct attacks that target technical weaknesses (unpatched vulnerabilities, exposed services, weak configurations)
- Social engineering attacks that target people (phishing, impersonation, tricking someone into installing data-stealing malware, or handing over credentials)
Step 3: They extract the data
After gaining access, attackers move to the goal: getting the data out. This “data exfiltration” can happen through:
- Copying databases or exporting files
- Pulling customer records through compromised admin panels
- Using malware to transfer data remotely
- Slowly leaking information over time so it blends into normal network traffic
This slow and steady method is exactly why monitoring is so important. It gives you a chance to spot suspicious activity before things get worse.
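The monitoring point above, as an added example that is not part of the original article: a per-request size alert misses a slow leak, while a rolling per-client byte total on sensitive paths catches it. The log format, paths, IP addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds and paths; tune them to your own traffic baseline.
PER_REQUEST_LIMIT = 5_000_000      # bytes in a single response
WINDOW = timedelta(days=7)         # rolling look-back window
WINDOW_LIMIT = 3_000_000           # bytes per client per window
SENSITIVE_PREFIXES = ("/admin/export", "/api/customers")  # hypothetical paths


def build_sample_log():
    """Constructed access-log lines: timestamp, client IP, path, response bytes."""
    start = datetime(2025, 3, 1)
    lines = []
    # Slow leak: one 48 KB export page every 2 hours for about 7 days.
    for i in range(84):
        ts = start + timedelta(hours=2 * i)
        lines.append(f"{ts.isoformat()} 203.0.113.7 /admin/export?page={i} 48000")
    # Normal admin use: one small export per day.
    for i in range(5):
        ts = start + timedelta(days=i, hours=9)
        lines.append(f"{ts.isoformat()} 198.51.100.20 /admin/export?page=0 52000")
    # One loud bulk download, which a per-request rule does catch.
    ts = start + timedelta(days=3)
    lines.append(f"{ts.isoformat()} 192.0.2.44 /admin/export?all=1 9000000")
    return lines


def parse(line):
    ts, ip, path, size = line.split()
    return datetime.fromisoformat(ts), ip, path, int(size)


def per_request_alerts(lines):
    """Clients with any single sensitive response over PER_REQUEST_LIMIT."""
    return {ip for ts, ip, path, size in map(parse, lines)
            if path.startswith(SENSITIVE_PREFIXES) and size > PER_REQUEST_LIMIT}


def cumulative_alerts(lines):
    """Clients whose sensitive-path bytes in any WINDOW exceed WINDOW_LIMIT."""
    events = defaultdict(list)
    for ts, ip, path, size in map(parse, lines):
        if path.startswith(SENSITIVE_PREFIXES):
            events[ip].append((ts, size))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        left = total = peak = 0
        for ts, size in evs:
            total += size
            while ts - evs[left][0] > WINDOW:   # drop events older than the window
                total -= evs[left][1]
                left += 1
            peak = max(peak, total)
        if peak > WINDOW_LIMIT:
            flagged[ip] = peak                  # peak bytes seen in one window
    return flagged


if __name__ == "__main__":
    log = build_sample_log()
    print("per-request:", per_request_alerts(log))
    print("cumulative:", cumulative_alerts(log))
```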
What damage can a data breach do?
A breach doesn’t just expose information: it triggers a domino effect.
For individuals
When personal data is compromised, the consequences can be severe and long-lasting. Identity theft can mean criminals opening credit cards, taking out loans, or filing tax returns in your name. Financial fraud can drain accounts before victims even notice. And targeted phishing attacks often follow breaches, as attackers use stolen data to craft more convincing scams.
For businesses
For organizations, the fallout hits multiple fronts simultaneously. There are direct financial costs — regulatory fines, legal fees, and customer notification expenses. There’s reputational damage that loses the customer trust you’ve spent years building. Operations can stall during incident response, leading to significant downtime and lost revenue.
Even worse: once attackers know a system is vulnerable, they often come back.
How to prevent data breaches?
Data breaches usually happen when basic protections are missing or outdated. The steps below help you lock down accounts, patch common vulnerabilities, protect data in transit, and catch threats early—without overcomplicating your setup.
- Use strong passwords and enable multi-factor authentication (MFA)
- Keep your software updated
- Encrypt your data with SSL/TLS
- Scan for malware and vulnerabilities regularly
- Use data loss prevention (DLP) tools
- Back up your website and test restores
- Train your staff and reduce access risk
- Conduct regular security assessments
Use strong passwords and enable multi-factor authentication (MFA)
Your password is your first line of defense. If it’s weak, you’re basically inviting attackers in. Always use long, unique passwords, never reuse them across accounts, and use a password manager to keep everything organized.
On top of strong passwords, multi-factor authentication (MFA) gives you an extra layer of protection. Even if someone gets your password through a brute-force attack or phishing, MFA means they’d also need access to your phone or email to log in. This simple step blocks most automated attacks.
Keep your software updated
It’s tempting to ignore those update notifications, but skipping updates is one of the main reasons breaches happen. Updates often include security fixes for vulnerabilities that attackers are looking to exploit. Make sure to patch your CMS, themes, and plugins regularly. Remove anything you’re not using and only give admin access to people who really need it.
Encrypt your data with SSL/TLS
If your website has logins or forms, HTTPS is a must. SSL/TLS encryption protects the connection between your visitors and your site, keeping any data sent back and forth safe. Even if someone intercepts the data, encryption makes it unreadable without the right key.
Scan for malware and vulnerabilities regularly
You can’t fix what you can’t see. Regular malware and vulnerability scans help you catch threats early, even in cases where attackers have access but haven’t acted yet. Automated daily scans make it much easier to stay on top of things. You can use tools like our SiteLock to scan your website for stronger protection.
Use data loss prevention (DLP) tools
DLP tools act like a smart filter for your network, stopping sensitive data from leaving without permission—whether it’s by accident or on purpose. There are enterprise options such as Symantec, Forcepoint, and Microsoft Purview, but even standard endpoint protection tools can offer strong DLP capabilities for smaller businesses.
Back up your website and test restores
Backups can’t stop a data breach from happening, but they can help your business recover if you face downtime, defacement, or data loss. Make sure to back up regularly, keep copies in different places, and test your backups to be sure they work when you need them.
Train your staff and reduce access risk
A lot of data breaches happen because of human error—not because people are careless, but because they haven’t been trained to handle these situations. Teach your team how to spot phishing and impersonation attempts, use MFA, avoid reusing passwords, and report anything suspicious right away. Training should be ongoing, not just a once-a-year task.
Preventing breaches is always better than cleaning up afterwards, but it still helps to prepare a data breach response plan and make sure your staff know it well, so the damage is minimized if a breach does happen.
Conduct regular security assessments
Regular vulnerability scans and penetration tests help you spot weaknesses before attackers do. This is especially important after big changes such as new software, mergers, system migrations, or staff changes. Think of it as a health check for your digital setup.
What to do if you’re part of a data breach
Even with the best precautions, data breaches can still happen. If you find out your data, or your customers’ data, has been exposed, move quickly and methodically.
- Find out what information was exposed
- Change passwords immediately
- Inform your organization and your users
- Monitor financial accounts and protect credit
- Watch for phishing “aftershocks”
- Report to the appropriate authorities
- Consider identity theft protection services
Find out what information was exposed
Start by figuring out what was exposed. Read any data breach notification carefully—businesses have to tell you what types of sensitive data were compromised. Check which systems were affected and see if passwords, payment info, or regulated data were involved.
For individuals, the free tool Have I Been Pwned lets you enter your email address and check if it has appeared in any known breach database.
Change passwords immediately
Reset admin credentials right away, then require password changes for all affected users. Enable MFA if it isn’t already active, and block repeated login attempts going forward. This is precisely why unique passwords for every account matter — one exposed credential shouldn’t open the door to everything else.
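One way to block repeated login attempts, as an added example that is not part of the original article: failures are counted in a sliding window per account and per source IP, because a per-account limit alone never trips when leaked username and password pairs are tried once each across many accounts. The class name, limits and sample attempts are assumptions constructed for illustration.

```python
import time
from collections import deque


class LoginThrottle:
    """Sliding-window failure counter keyed by account and by source IP."""

    def __init__(self, max_per_account=5, max_per_ip=10, window=900):
        self.max_per_account = max_per_account
        self.max_per_ip = max_per_ip
        self.window = window                 # seconds
        self._by_account = {}
        self._by_ip = {}

    def _recent(self, table, key, now):
        q = table.get(key)
        while q and now - q[0] >= self.window:   # expire failures outside the window
            q.popleft()
        if q is not None and not q:
            del table[key]                       # keep the maps from growing unbounded
        return len(q) if q else 0

    def allowed(self, account, ip, now=None):
        now = time.time() if now is None else now
        if self._recent(self._by_account, account, now) >= self.max_per_account:
            return False
        return self._recent(self._by_ip, ip, now) < self.max_per_ip

    def record(self, account, ip, success, now=None):
        now = time.time() if now is None else now
        if success:
            # Reset the account counter only. The IP counter stays, so a source
            # cannot clear its own history by logging in to an account it owns.
            self._by_account.pop(account, None)
            return
        self._by_account.setdefault(account, deque()).append(now)
        self._by_ip.setdefault(ip, deque()).append(now)


def replay(throttle, attempts):
    """Feed constructed failed logins (time, account, ip); return how many were refused."""
    refused = 0
    for now, account, ip in attempts:
        if throttle.allowed(account, ip, now):
            throttle.record(account, ip, success=False, now=now)
        else:
            refused += 1
    return refused


if __name__ == "__main__":
    one_account = [(i, "admin", "203.0.113.9") for i in range(8)]
    many_accounts = [(i, f"user{i}", "203.0.113.9") for i in range(20)]
    print("repeated guesses refused:", replay(LoginThrottle(), one_account))
    print("many accounts refused:", replay(LoginThrottle(), many_accounts))
    print("account-only limit refused:",
          replay(LoginThrottle(max_per_ip=10**9), many_accounts))
```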
Inform your organization and your users
Coordinate internally with IT, legal, leadership, and customer support. Follow all notification requirements relevant to your industry and state. When communicating with customers, use clear, calm messaging that explains what happened, what was affected, and what steps they should take.
Monitor financial accounts and protect credit
Encourage affected customers to closely monitor their financial accounts. If sensitive identification data like Social Security numbers were exposed, advise them to consider placing a fraud alert on their credit reports—which requires creditors to verify identity before opening new accounts—or a credit freeze, which prevents new accounts from being opened entirely. Both are powerful tools for identity theft victims.
Watch for phishing “aftershocks”
After a breach, phishing activity spikes. Attackers use stolen data to craft more convincing, targeted scams. Be extra vigilant about unsolicited emails, calls, or texts claiming to be from affected companies, banks, or government agencies. When in doubt, navigate directly to official websites rather than clicking any links.
Read our guide, “What is Phishing? How it Works and Tips to Protect Yourself,” for more information.
Report to the appropriate authorities
For identity theft and financial fraud, file a report with the Federal Trade Commission (FTC). It will also generate a personalized recovery plan. For broader cybercrime, the FBI’s Internet Crime Complaint Center (IC3) accepts reports. Your state attorney general’s office may also have state-specific resources and requirements.
Consider identity theft protection services
Services like Aura, LifeLock, or IdentityForce monitor your personal information across credit bureaus, public records, and the dark web, alerting you in real time to suspicious activity. Many also offer insurance coverage and hands-on resolution support. If Social Security numbers or financial details were part of a breach, this kind of protection is well worth considering.
Frequently asked questions
A data breach is a security incident in which sensitive information is accessed or exposed without authorization. It can be through hacking, human error, accidental misconfiguration, or physical theft.
Common signs of a data breach at a small business include unusual admin logins, unexpected password resets, unknown files or users, redirects, sudden traffic anomalies, or customer complaints.
They overlap, but aren’t identical. A data leak typically implies accidental exposure—like a misconfigured public database. A data breach includes both leaks and deliberate, malicious access. In practice, “breach” is the broader term.
Your exposed data could be used for identity theft, financial fraud, or highly targeted phishing scams. The key is to act fast: change passwords, enable MFA, monitor your accounts, place fraud alerts, and report the incident.
The most common groupings are credential-based breaches (stolen or compromised credentials), vulnerability- and malware-based breaches (exploitation of software weaknesses), and exposure-based breaches (accidental disclosure due to misconfiguration).
Stop breaches before they start
Most data breaches don’t require expert hacking skills. They succeed because of preventable gaps such as weak passwords, ignored updates, untrained staff, and unencrypted connections.
Close those gaps, and you’re already ahead of the vast majority of targets and keeping attackers at bay.
Start with the security essentials: MFA and strong passwords, regular software updates, SSL encryption, malware and vulnerability scanning, reliable backups, and ongoing staff training.
Cybercriminals count on businesses being underprepared. The fact that you’re here means you’re already changing that equation. Let us help with your site’s security. Our web hosting services provide malware scanning and reliable support so you can have protection from the get-go.

