What Is a Data Breach?
A data breach is any incident in which sensitive, confidential, or protected information is accessed, stolen, or exposed without authorisation. Breaches can affect individuals, corporations, and governments alike, and the consequences range from financial fraud and identity theft to regulatory fines and reputational damage. Understanding how breaches happen and what to do after one is essential digital literacy. Use the breach check tool to see if your email has already appeared in a known breach.
Types of Data Commonly Exposed in Breaches
| Data Type | Risk if Exposed | Common Breach Sources |
|---|---|---|
| Email address + password | Account takeover via credential stuffing | Retail sites, forums, SaaS platforms |
| Credit card numbers | Fraudulent purchases | E-commerce, payment processors, POS systems |
| Social Security / National ID numbers | Identity theft, fraudulent loans | Healthcare, government, HR systems |
| Medical records | Insurance fraud, privacy violations, discrimination | Hospitals, insurers, pharmacies |
| Date of birth + full name | Identity verification bypass | Any platform with KYC |
| IP addresses + browsing history | Profiling, targeted attacks, deanonymisation | ISPs, analytics firms, ad networks |
| Hashed passwords (weak hashing) | Password cracking via rainbow tables or GPU attacks | Sites using MD5 or SHA-1 without salting |
How Data Breaches Happen
The most common causes are: SQL injection attacks targeting web application databases; credential stuffing using leaked username/password pairs from previous breaches; phishing attacks that compromise employee credentials; misconfigured cloud storage buckets (S3, Azure Blob) exposed to the public internet; insider threats from employees with excessive data access; and unpatched or zero-day vulnerabilities in operating systems or web frameworks.
What to Do After a Data Breach
- Check if your email is in any known breaches using the breach check tool: search by email address against leaked databases.
- Immediately change the password on the breached account and anywhere you reused the same password.
- Enable two-factor authentication (2FA) on the affected account and all high-value accounts.
- Monitor your bank and credit card statements for unusual transactions for at least 90 days.
- Consider placing a credit freeze with the major credit bureaus if your SSN or national ID was exposed.
- Check your email address against the breach database regularly: new breaches are discovered and indexed continuously. Encryption of stored passwords reduces the window of exposure.
The Lifecycle of a Breach - From Intrusion to Your Inbox
1. Intrusion and exfiltration
The attacker gains access (through stolen credentials, an unpatched flaw, or a misconfigured database) and quietly copies data out. This stage can last months before anyone notices, which is why breach disclosure dates often lag the actual compromise by a year or more, even though regulations like the GDPR require notification within 72 hours of a breach being discovered.
2. Sale and circulation
Stolen datasets are sold privately, traded on forums, and eventually dumped publicly. Once public, the data is merged into "combo lists": giant compilations of email/password pairs used to fuel automated credential-stuffing attacks against every major site.
3. Indexing and notification
Services like Have I Been Pwned (haveibeenpwned.com) and the breach check tool index disclosed breaches so individuals can search their own email address. If your address appears, it tells you which breach exposed it and what data classes were included (passwords, phone numbers, addresses) so you can respond proportionately.
Your Post-Breach Priority Order
| Priority | Action | Why First |
|---|---|---|
| 1 | Change the breached password, plus everywhere it was reused | Credential stuffing begins within hours of a dump circulating |
| 2 | Enable 2FA on email first, then banking and socials | Your email account can reset every other password you own |
| 3 | Switch to a password manager with unique passwords per site | Makes every future breach a single-account problem instead of a cascade |
| 4 | Watch for targeted phishing referencing the breached service | Attackers use breach details to make scam emails convincing |
| 5 | Credit freeze / fraud alert if government ID numbers leaked | Stops fraudulent accounts being opened in your name |
What This Means for You
You cannot prevent companies from being breached. Your defence is making any single breach worthless. Three habits achieve that: a unique password per site (so one leak opens one door), two-factor authentication on accounts that matter (so a leaked password alone is not enough), and a periodic check of your exposure with the breach check tool. Treat any "verify your account" email arriving after a publicised breach with extra suspicion, and follow the checks in "how to check if a website is safe" before entering credentials anywhere.
Frequently Asked Questions
My email appeared in a data breach. Is my email account hacked?
Not necessarily. A breach listing means a third-party site where you registered with that email was compromised, not your mailbox itself. The risk is the password you used on the breached site: if you reused it for your email account, change the email password immediately and enable two-factor authentication.
Should I delete accounts on sites that were breached?
Deleting unused accounts is good hygiene: every dormant account is breach surface holding your data. For services you still use, deletion is unnecessary; change the password, enable 2FA, and review what personal data the account stores. Data already stolen cannot be recalled either way.
How do breached passwords get cracked if they were hashed?
Hashes are not encryption: attackers guess passwords, hash each guess, and compare against the stolen list at billions of guesses per second on GPUs. Short and common passwords fall in seconds; long random ones hashed with modern algorithms like bcrypt may never fall. Length and uniqueness are your defence.
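
An added example, not part of the original page: it shows why the unsalted MD5 storage named in the table above falls to a single precomputed lookup, while a salted, deliberately slow hash does not. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt; the users, passwords, word list and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor for this demo; tune to your hardware

# Constructed sample data: two users who picked the same common password.
USERS = {"alice": "123456", "bob": "123456", "carol": "plum-Orbit-47-lantern-ridge"}
COMMON = ["123456", "password", "qwerty"]  # constructed stand-in for a common-password list

def fast_hash(password):
    """Weak storage: unsalted MD5, as in the 'weak hashing' table row."""
    return hashlib.md5(password.encode()).hexdigest()

def slow_hash(password, salt=None):
    """Stronger storage: per-user random salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_hash(password, salt)[1], digest)

def exposed_by_lookup(stored_hex):
    """Users whose unsalted hash appears in a table computed once, in advance."""
    table = {fast_hash(p) for p in COMMON}
    return sorted(u for u, h in stored_hex.items() if h in table)

def slowdown_factor():
    """How many times costlier one slow_hash guess is than one fast_hash guess."""
    def per_call(fn, rounds):
        start = time.perf_counter()
        for _ in range(rounds):
            fn("candidate")
        return (time.perf_counter() - start) / rounds
    salt = os.urandom(16)
    return per_call(lambda p: slow_hash(p, salt), 3) / per_call(fast_hash, 20_000)

if __name__ == "__main__":
    unsalted = {u: fast_hash(p) for u, p in USERS.items()}
    salted = {u: slow_hash(p) for u, p in USERS.items()}
    print("identical unsalted hashes:", unsalted["alice"] == unsalted["bob"])
    print("exposed by one lookup table:", exposed_by_lookup(unsalted))
    print("identical salted digests:", salted["alice"][1] == salted["bob"][1])
    print("verify still works:", verify("123456", *salted["alice"]))
    print(f"cost per guess vs MD5: about {slowdown_factor():,.0f}x")
```

The salt makes every stored record unique, so a table built once cannot be reused across accounts, and the iteration count multiplies the cost of each individual guess.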