What exactly is a data breach?

Oct 12, 2022

If it seems like data breaches are in the news nearly every day, it's because they are. While breaches at large companies often dominate the headlines, cybercriminals are also hacking local and state governments, public and private universities, and school districts. Yet, despite the prevalence of the breach-centric news cycle, many people don't know what exactly a data breach is, how it typically starts, and why it occurs.

We've put together some helpful information on what data breaches are and the steps you should take if you suspect or know you have experienced one. By understanding the anatomy of a data breach, you can help keep your government's data safe and secure.

What is a data breach?

While it may seem like a complex concept, a data breach is simply an incident that exposes confidential, sensitive, or protected data to an unauthorized person. And while data breaches can be the result of a system or human error, the vast majority of data breaches are the result of cyberattacks, where a criminal gains unlawful access to sensitive system data.

What kinds of data can be breached?

Your government has a lot of information that cybercriminals find valuable, including your employees' names, dates of birth, social security numbers and payroll information. Criminals also want the information you maintain on the residents and businesses you serve, such as tax information, vendor payments and credit card numbers.

What are some of the tactics used to execute data breaches?

Cybercrime is growing more sophisticated every day. However, cyberattack tactics don't have to be cutting-edge or advanced to be effective. Here are a few examples of popular tactics that cybercriminals use:

  • Phishing: Phishing is when a cybercriminal pretends to be a legitimate party in hopes of tricking someone into giving them access to personal information. Phishing is one of the oldest tricks in the book for cybercriminals, but it is just as effective as ever. In fact, according to Microsoft, 90 percent of data breaches stem from phishing attempts.
  • Malware: Another tried-and-true method for cybercriminals is malware. Malware is malicious software that secretly installs itself on devices, often by way of a user engaging with fake links and content or even just opening an attachment. Once the user has clicked the link or opened the attachment, the criminal quietly gains access to the data on the person's device or business network.
  • Password attack: In a password attack, cybercriminals "crack" user passwords and then use those credentials to get into networks and extract sensitive data.

What do you do if you suspect a breach?

If you suspect that you have been the victim of a breach, immediately notify your IT department or managed service provider, then follow the subsequent protocols to help them scan, detect, and remediate any issues.

If you suspect or experience a breach (including a ransomware attack) that affects your financial records, you need to file a report with SAO. Even if a breach doesn't involve financial records, you may have to report it to the Attorney General's Office (AGO). If any single breach affects more than 500 Washington residents, consider speaking to your legal counsel and then report it to the AGO. Learn more about reporting on the AGO's website.

Additional resources

SAO has a number of resources to help you improve your government's cybersecurity. You can find more on our #BeCyberSmart webpage.

  • Phishing posters – These colorful posters, designed to be printed and displayed around your office, remind employees to be wary of opening emails from would-be cybercriminals.

How to reach us for more assistance

Do you have questions about cybersecurity? SAO's Center for Government Innovation has a cybersecurity specialist available to talk with you about best practices and resources. For assistance, reach out to us at Center@sao.wa.gov.