19 Nov 2019

How to Identify a Data Breach and Report it Quickly

Data breaches are a regular occurrence in our modern world, and it is vital that companies know how to identify one and take the necessary steps to report it. There are also a number of steps a business should take to make sure data breaches don’t happen in the first place.

This article will take a comprehensive look at what a data breach is, how you can identify one, how to report one, and preventative measures you can take.

What is a data breach?

Contrary to popular belief, a data breach is not considered to be an attack or threat on its own. Typically, a data breach is the result of a cyberattack, which allows criminals to gain access to personal and financial data. The most common types of cyberattacks that are used in data breaches are spyware, phishing, and broken or misconfigured access controls.

In the majority of data breaches, criminals want to steal personal information such as email addresses, usernames, passwords, and banking information. That data is then used to breach other accounts, steal your identity, or make fraudulent purchases. In some cases, malicious actors will sell your data to other criminals.

Very rarely, a hacker will steal data just to prove that they can, like in the 2015 VTech data breach.

Why do data breaches happen?

According to the Ponemon Institute’s 2018 Cost of A Data Breach study, nearly half of all data breaches are a result of criminal activity. Another quarter happens from human error, and the remaining quarter from system glitches.

Data breaches originate from external or internal sources. External sources include criminals, disgruntled former employees, or suppliers who do not have up-to-date cybersecurity protocols. Internal sources are typically employees who allow data to be stolen through ignorance or carelessness, or who purposefully leak or steal it.

In any company that deals with data, it is not only important to have sufficient cybersecurity practices in place, but to also adequately train employees to prevent data breaches caused by human error. 

How to identify a data breach

While for obvious reasons a proactive approach is best for preventing data breaches in the first place, there are a number of warning signs that can indicate your business has experienced a data breach. The following signs are all red flags that should lead to further investigation:

  • The presence of unexpected software or system processes
  • Alerts from malware protection solutions or notifications that these services have been disabled
  • Repeated application or system crashes
  • Strange user activity (such as logging in at weird times, from abnormal locations, or from several locations in a short period of time)
  • Abnormally high system, network, or disk activity (in particular when the majority of applications are idle)
  • Unusual behavior during browsing (such as pop-ups, redirects, or changes to browser configuration)
  • Configuration changes that cannot be traced back to an approval
  • Activity on unusual network ports
  • Sudden and unexpected user account lockouts, password changes, or group membership changes
  • Reports from contacts and/or customers that they have been receiving strange messages from you by email or social media
  • A message from an attacker (often via ransomware)
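
Several of these signs can be checked automatically against authentication logs. The sketch below is an added example, not part of the original article: it flags off-hours logins, logins by one user from two countries in a short period, and bursts of account lockouts. The event format, the sample events, and all thresholds are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, event, country); not real log data.
SAMPLE_EVENTS = [
    ("2019-11-18T09:02:11", "alice", "login_ok", "GB"),
    ("2019-11-18T09:40:03", "alice", "login_ok", "BR"),
    ("2019-11-18T03:12:45", "bob", "login_ok", "GB"),
    ("2019-11-18T10:15:00", "carol", "login_ok", "GB"),
    ("2019-11-18T11:00:01", "dave", "lockout", "GB"),
    ("2019-11-18T11:00:40", "erin", "lockout", "GB"),
    ("2019-11-18T11:01:10", "frank", "lockout", "GB"),
]

# Assumed thresholds; tune them to your own organization's baseline.
WORK_HOURS = range(7, 20)               # normal login hours (07:00-19:59)
GEO_WINDOW = timedelta(hours=1)         # two countries within this window is suspicious
LOCKOUT_WINDOW = timedelta(minutes=5)   # sliding window for lockout bursts
LOCKOUT_THRESHOLD = 3                   # distinct accounts locked within the window

def find_red_flags(events):
    """Return a sorted list of (rule, subject, timestamp) findings."""
    parsed = sorted((datetime.fromisoformat(ts), user, ev, cc)
                    for ts, user, ev, cc in events)
    findings = set()
    last_login = {}   # user -> (time, country) of previous successful login
    lockouts = []     # (time, user) lockouts still inside the sliding window
    for when, user, event, country in parsed:
        if event == "login_ok":
            if when.hour not in WORK_HOURS:
                findings.add(("off_hours_login", user, when.isoformat()))
            prev = last_login.get(user)
            if prev and prev[1] != country and when - prev[0] <= GEO_WINDOW:
                findings.add(("multi_location_login", user, when.isoformat()))
            last_login[user] = (when, country)
        elif event == "lockout":
            lockouts = [(t, u) for t, u in lockouts if when - t <= LOCKOUT_WINDOW]
            lockouts.append((when, user))
            if len({u for _, u in lockouts}) >= LOCKOUT_THRESHOLD:
                findings.add(("lockout_burst", "*", when.isoformat()))
    return sorted(findings)

if __name__ == "__main__":
    for rule, subject, ts in find_red_flags(SAMPLE_EVENTS):
        print(f"{ts}  {rule:22}  {subject}")
```

Each finding is a prompt for further investigation rather than proof of a breach; a travelling employee or a password-policy rollout can trigger the same rules.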

Whether you have a small or large business, data breaches can have serious financial consequences. The faster a data breach can be detected and taken care of, the lower the cost will be. As a result, it is vital to have systems in place to help identify and contain breaches.

As mentioned earlier, most data breaches are caused by criminals or malicious insiders. Therefore, companies need to maintain strong digital security and consider where they may be vulnerable both internally and externally. 

It can be hard to identify a data breach, as malicious actors try to be secretive in order to steal as much data as possible. As such, it is very important to perform regular checks and to continuously monitor for any of the above-mentioned warning signs. It may make sense for some companies to outsource their cybersecurity needs to experts in the field.

How to report a data breach

Reporting a data breach depends heavily on where your business and your customers are located. In the United States, it is required by law to notify individuals who have had their data breached. In most states, information regarding the breach also needs to be provided to credit bureaus, and in some cases to the state attorneys general and/or other state officials. The laws vary greatly between states.

In the United Kingdom, thanks to GDPR, data breaches need to be reported within 72 hours to the Information Commissioner’s Office. Additionally, it is necessary to inform anyone who may have had their data compromised as a result of the breach. 

In Canada, reporting a data breach has only been a legal requirement since 2018. Compared to GDPR laws, Canada’s laws regarding data breach reporting are far too lax and companies are largely responsible for their own reporting.

Regardless of which country you live in, it is important to quickly report a data breach, no matter how small. Failure to do so may not only result in fines and punishments, but will also cause you to lose the trust of your customers.

How to prevent data breaches

The best way to prevent a data breach from occurring is to take a proactive approach when it comes to your organization’s cybersecurity. Here are our top recommendations:

  1. Bring in the experts - This may seem obvious, but it is crucial to employ people who know what they are doing to make sure data is safe. The ideal person should also have a good understanding of your business and how it works with data. For smaller businesses this option may be expensive, but it is far better than facing a data breach.
  2. Stay on top of the latest trends - Criminals are constantly developing their skills to stay ahead of security protocols, which means you need to stay one step ahead. If new attack methods emerge, it is vital that you are aware of them so you can have a good defence system. Additionally, make sure that all of your programs, applications, etc. are up to date, as updates often contain important security patches.
  3. Make use of data breach detection tools - Modern crimes require modern technology, and data breach detection tools are a big part of that. These not only help you identify a breach far faster, but can let you know where your weak spots are too.
  4. Take advantage of global threat intelligence - As stated in the SANS State of Cyber Security Intelligence Survey, companies that use global cyber threat intelligence have a leg up when it comes to dealing with data breaches. Not only are response times faster and more accurate, but these organizations are also better at identifying and preventing new threats.
  5. Monitor your organization - In order to detect and investigate breaches in your company’s cybersecurity protocol, it is necessary to see where your system was compromised. Security analysts will want to look at a number of things including logs and events from applications and security systems.
  6. Be aware of the latest attacks - Knowing how criminals are targeting other organizations can help you figure out the best way to protect yours. Most detection products only allow you to see threats as they happen. By knowing what tactics criminals are using ahead of time, you can take a more proactive approach to preventing a possible data breach.
  7. Train your staff - Given that employees, knowingly or unknowingly, are responsible for a fair number of data breaches, it is important that you give your staff regular training. They should know how to spot attacks and possible vulnerabilities, and what steps they should take once they do. Training should be a regular occurrence and should be given after any security incident. Negligence is a major factor when it comes to data breaches; by making sure your staff is knowledgeable you are helping to mitigate human error.


Studies show that on average it takes almost 200 days for companies to discover that there has been a data breach. By the time a breach is detected (over half a year later), someone’s identity might have already been stolen, or their data may have been sold to another criminal. Data breaches are not going to disappear any time soon, and it is crucial that businesses of all shapes and sizes step up to the plate when it comes to data protection.  

With the number of data breaches seemingly growing larger and larger each year, data protection has become a hot topic, and rightfully so. As a result, laws regarding data protection are increasing, placing more and more responsibility on the organizations who deal with data in the first place. No one wants to have their identity stolen or their data used for illegal purposes, and companies should take responsibility for their own cybersecurity. Now, more than ever, it is vital that companies take a proactive approach to data protection and work towards making major data breaches a thing of the past. 
