
Dissecting data breaches: The anatomy of a breach 

February 16, 2024

As of the beginning of 2024, over 5 billion individuals are actively engaged in the online world, reflecting the ongoing growth of the digital population. Sign-ups and sign-ins, likes and comments, online purchases–these trillions of digital interactions that take place every day–all create risk. Online activity opens the door for fraudsters to penetrate networks, compromise data, and steal personally identifiable information (PII), making everyone a potential victim. As the digital landscape continues to evolve, data rapidly becomes a vulnerable target for bad actors.  

What is the intention behind a data breach?  

A data breach is an intentional security incident that exposes sensitive, confidential information to unauthorized third parties. Financial gain is the key driver for fraudsters to carry out breached data attacks, where they’re able to steal sensitive information like social security numbers (SSNs) and sell it on the dark web or to other fraudsters for as little as $4. It’s no secret that breached data is valuable to fraudsters across the internet. It’s used to take over user accounts, steal or fabricate identities, inflict financial harm, and more.

Some examples of the exposed information can include: 

  • PII such as SSNs, phone numbers, or banking information. This type of sensitive information can easily be sold on the dark web. 
  • Protected Health Information (PHI) such as medical details or health insurance information protected under the Health Insurance Portability and Accountability Act (HIPAA). This sensitive data allows fraudsters to commit medical fraud, impersonate patients, obtain personal information through patient records, and more.
  • Intellectual property (IP) such as proprietary business details, patents, or trade secrets. The compromise of such sensitive information can lead to adverse business impacts like reputational and financial loss. 

How does it happen?  

A classic data breach attack can be simplified into three broad steps: 

  1. Investigation: Fraudsters begin by hunting for a prime target, such as an e-Commerce platform or a fintech company. Once the target has been identified, they then make sure the target is worth pursuing by searching for weaknesses, big or small. These weaknesses may be exploited through phishing or testing weak credentials stolen from the dark web.
  2. Attack execution: Now that the fraudster has their target locked, they will then launch their attack. The hacker may use a social engineering campaign, directly exploit vulnerabilities in the organization’s system, or use stolen login credentials to infiltrate.
  3. Data is exposed: By this stage, the bad actor has acquired the confidential data they’re after. This could mean a variety of things. The fraudster now has the discretion to choose how to proceed—whether it’s selling the stolen data onto the dark web, locking authorized users out of the system, manipulating sensitive data, creating new accounts with breached data, carrying out account takeover attacks, making account changes, or executing unauthorized high value transactions.

The impact 

The consequences of a data breach can include reputational loss, financial loss, and ultimately customer trust erosion for both consumers and businesses. Data breaches are also expensive: the average cost of a data breach in the United States is $8-9 million. As one can guess, data breaches do not discriminate: organizations both large and small can be viable targets. Over 80% of breaches involved brute force or the use of lost or stolen credentials. There are many factors that can contribute to a data breach. Sometimes, it’s as simple as an innocent user reusing a password or a fraudster easily purchasing an SSN or stealing account credentials. Data breaches exploit vulnerabilities throughout the entire customer journey.

Data breaches can also have a domino effect. The impact is not limited to breaches within your own organization. Incidents in other businesses can disrupt customer trust across multiple industries. When sensitive information is compromised at one organization, it can become the key to accessing higher-value information at other organizations by exploiting the initially breached data. For example, if your email and password credentials are breached and exposed, they can then be used for credential stuffing, allowing unauthorized access to higher-value accounts such as banking/financial, medical, and other social media platforms. 

Protecting your business against breached data attacks 

There are a number of practical steps you can take to proactively protect your business from data breaches. 

  • Ensure general ecosystem security by maintaining a secure architecture. Networks can be vulnerable when they aren’t properly updated. This means implementing proper firewalls, encryption, VPNs, and traffic monitoring, and ensuring routine security updates are in place to mitigate vulnerabilities.
  • Incorporate MFA into your workflows. Multi-factor authentication (MFA) is a crucial security measure that adds an extra layer of protection to your online accounts or systems, going beyond just a username and password. MFA requires users to provide two or more different authentication factors to verify their identity before granting access. Telesign delivers phone-based verification using a one-time passcode (OTP) sent over SMS (SMS Verify) or voice message (Voice Verify) to securely confirm possession. Organizations can also employ Telesign Silent Verification to seamlessly verify users without sending an OTP.  
  • Implement fraud prevention tools in your tech stack. Telesign Breached Data, the newest add-on to Telesign Phone ID, confirms if and when critical PII, such as phone number, username, password and more, was compromised in a recent data breach. Layer Breached Data into your existing account integrity workflows to protect customer accounts against account takeover. Telesign Breached Data can also help you onboard securely by notifying you if any new users are submitting information that has been recently compromised. Knowing a user’s breach status allows you to deliver accurate risk recommendations for new users before they apply for loans, open accounts in a victim’s name, or otherwise disrupt the existing customer ecosystem.
