Guides & articles 9 most common causes of data breaches

Peter Hammond Peter is a solicitor who has worked as a professional litigator for many years. More recently Peter has specialised in data breach compensation claims and over the last 2.5 years has gained a wealth of knowledge in this sector. Peter now works with us to share his knowledge and inform the general public.
causes of a data breach

More and more frequently over the years as technology has advanced so has the skills of cybercriminals and the risk of big organisations experiencing a data breach has increased significantly. To make sure your organisation is not one people are reading about in the news for being breached it is important to understand the most common causes of data breaches, and what you can do to mitigate the threats they can present.

1) Stolen/weak credentials, such as passwords

Attacks via hacking are one of the most common causes of data breaches, however, it is more often than not a lost or weak password that is the vulnerability in the system and that allows an opportunist hacker to exploit your company. 

The simple solution to prevent this causing a data breach for you is to use more complicated passwords that cannot be guessed and never share your password with anyone else.

2) Application vulnerabilities, back doors

Hackers don’t need to break into your system when someone has already left a door open for them to enter. Software applications that are Poorly written software applications or network systems that are not well designed or well implemented are easy for hackers to exploit as they leave holes that can be crawled into leading directly to your data. To avoid this situation, you should ensure all your software and hardware solutions are up to date and fully patched up with no weak points for criminals to get into.

3) Malware

Both direct and indirect malware is increasingly being used to access organisations’ personal data. Malware can be defined as a malicious software that is loaded without intention that opens up an opportunity for hackers to take advantage of a system and possibly other systems that are connected to it.

To prevent this from happening be cautious when going on websites that are not secure or not what they appear to be as well as opening emails from unknown sources. These are both popular methods of spreading malware that you should be aware of.

4) Social manipulation

As a hacker it would be easier to persuade someone more legitimate to access the data for you then going through the hassle of creating a way to get it yourself. If something looks too good to be true it probably is, and you shouldn’t trust the claims of someone you don’t know very well.

5) Too many permissions

Access permissions that are overly complex are ideal for hackers. A lot of businesses don’t keep tight control over who has access to what information within the organisation, which often leads to employees having the wrong permissions and out of date permissions for certain people. This makes it easy for hackers to take advantage of the confusion and get into the data. The solution to this is to keep things simple, be aware of who can access what information and don’t let things spiral out of control.

6) Threats from the inside

The well-known phrase “keep your friends close and your enemies closer” is very applicable here. A rogue employee, an unhappy contractor, or someone who isn’t aware that they already have access to your data, could want to copy, alter, or steal it if they have bad feelings towards your company. You can combat this by knowing who you are dealing with, act quickly when there is a hint of a problem, and cover everything with process and procedure that is backed up with training.

7) Physical attacks

Hackers are not always remote, they can be anyone, so it is important to check that your building is safe and secure to reduce the risk of a physical attack occurring. They can blend into a crowd and have a good line to persuade you to let them into your office and onto your computer system. Always be vigilant, check the identity of anyone coming into your company, and if you see anything suspicious report it straight away.

8) User errors, improper configuration

Human error is a natural thing that can happen in any organisation with a lot of employees. You should make sure all staff have sufficient training and awareness of the importance of data protection. With the right people in charge of securing your data and relevant and robust procedures in place to prevent user mistakes, then errors can be kept to a minimum which will less likely lead to an overall data breach.

Breaches don’t have to be caused by someone acting with malice, studies have shown that 1 in 5 incidents was the result of a mistake made by an employee. The most common errors of this nature involve sensitive information being sent to the wrong person. This could involve sending an email to the wrong person, attaching the wrong document, or giving a file to someone who shouldn’t be able to see that information.

9) Breaches without technology

Data breaches are typically thought of as cybercrime, but a significant number of incidents don’t involve technology at all. There are a lot of physical incidents that involve the theft of paperwork or devices like laptops, phones, and other storage devices. Now more than ever employees are increasingly encouraged to work from home or on the go, but if they aren’t closely watching their assets, an opportunist criminal could easily steal them. Another common physical data breach is card skimming. This is where criminals insert a device into card readers and ATMs to gather payment card details. 



0333 070 5800
Lines open 9am - 5pm Mon to Fri

Egerton House, 2 Tower Road, G5D, Birkenhead CH41 1FN

Start My Claim

© DataBreach Claims . © DataBreach Claims 2022. Data Breach Claims is a trading name of SJS Legal Limited (company number: 10598802). SJS Legal is authorised and regulated by the Solicitors Regulation Authority (SRA Number: 639197). This website is operating in accordance to the privacy policy. ICO reg no. ZA473694. Data Breach Claims connects clients to regulated solicitors who deal with data breaches. We do not perform any legal services but simply connect you to a legal representative.

Check free if you're owed an average £4,000 refund

Start My FREE Data Breach Claim 100% Safe & secure, no win no fee check