Data Breach

A data breach is an event in which an unauthorized party accesses, discloses, or exfiltrates protected, sensitive, or confidential data from an information system, network, service, or physical medium.

Expanded Explanation

1. Technical Function and Core Characteristics

A data breach occurs when a security failure allows unauthorized access to data in a way that violates confidentiality requirements established by law, policy, or contract. The event can involve viewing, copying, transmitting, using, or destroying data without authorization.

Breaches can result from malicious attacks, inadvertent actions, or misuse by authorized users. They can affect data in any state, including data at rest, data in transit, and data in use, across on-premises (on-prem) and cloud environments.

2. Enterprise Usage and Architectural Context

Enterprises define a data breach within their information security and privacy programs to align with regulatory definitions and internal risk frameworks. Security architectures use this definition to design controls for Data Loss Prevention (DLP), access management, monitoring, and incident response.

Architects and security leaders map breach scenarios to technical controls across identity and access management, network security, encryption, logging, and backup systems. They also integrate breach detection and response workflows into Security Operations (SecOps) centers and incident management processes.

3. Related or Adjacent Technologies

Related concepts include security incident, data exfiltration, privacy incident, and ransomware event, each of which may involve or cause a data breach. Data breaches often intersect with vulnerability management, identity compromise, and misconfiguration of cloud or application services.

Technologies commonly associated with preventing or detecting data breaches include DLP tools, intrusion detection and prevention systems, Security Information and Event Management (SIEM) platforms, Endpoint Detection and Response (EDR) tools, and encryption and tokenization mechanisms.

4. Business and Operational Significance

For enterprises, a data breach has regulatory, contractual, and operational consequences because it may trigger mandatory notifications, investigations, and remediation activities. Organizations must coordinate legal, compliance, security, IT, and communications functions when responding to a breach.

Data breaches drive requirements for governance processes such as data classification, retention, Third-Party Risk Management (TPRM), and business continuity planning. They also inform metrics and reporting for boards and regulators, including breach frequency, scope, root cause categories, and time to detect and contain events.