What Is a Data Breach?
A data breach is any incident in which sensitive, confidential, or protected information is accessed, stolen, or exposed without authorisation. Breaches can affect individuals, corporations, and governments alike - And the consequences range from financial fraud and identity theft to regulatory fines and reputational damage. Understanding how breaches happen and what to do after one is essential digital literacy. Use the breach check tool to see if your email has already appeared in a known breach.
Types of Data Commonly Exposed in Breaches
| Data Type | Risk if Exposed | Common Breach Sources |
|---|---|---|
| Email address + password | Account takeover via credential stuffing | Retail sites, forums, SaaS platforms |
| Credit card numbers | Fraudulent purchases | E-commerce, payment processors, POS systems |
| Social Security / National ID numbers | Identity theft, fraudulent loans | Healthcare, government, HR systems |
| Medical records | Insurance fraud, privacy violations, discrimination | Hospitals, insurers, pharmacies |
| Date of birth + full name | Identity verification bypass | Any platform with KYC |
| IP addresses + browsing history | Profiling, targeted attacks, deanonymisation | ISPs, analytics firms, ad networks |
| Hashed passwords (weak hashing) | Password cracking via rainbow tables or GPU attacks | Sites using MD5 or SHA-1 without salting |
How Data Breaches Happen
The most common causes are: SQL injection attacks targeting web application databases; credential stuffing using leaked username/password pairs from previous breaches; phishing attacks that compromise employee credentials; misconfigured cloud storage buckets (S3, Azure Blob) exposed to the public internet; insider threats from employees with excessive data access; and unpatched vulnerabilities in operating systems or web frameworks.
What to Do After a Data Breach
- Check if your email is in any known breaches using the breach check tool - Search by email address against leaked databases.
- Immediately change the password on the breached account and anywhere you reused the same password.
- Enable two-factor authentication (2FA) on the affected account and all high-value accounts.
- Monitor your bank and credit card statements for unusual transactions for at least 90 days.
- Consider placing a credit freeze with the major credit bureaus if your SSN or national ID was exposed.
- Check your email address against the breach database regularly - New breaches are discovered and indexed continuously. Encryption of stored passwords reduces the window of exposure.