5 things you need to know about data breaches as millions of passwords leak online
- A data breach is when sensitive, protected, or confidential information is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so. Think of it like a digital lock being picked, but instead of a physical safe, it's a company's database containing usernames, credit card numbers, or medical records.
- The most common cause isn't a master hacker in a hoodie—it's human error. Simple mistakes like falling for a phishing email (where someone clicks a fake link), using weak passwords like "123456," or losing a work laptop can open the door for cybercriminals.
- The impact goes far beyond just leaked email addresses. When personal data gets exposed, victims face identity theft (someone opening credit cards in your name), financial fraud, or even targeted phishing attacks that feel scarily personalized because the criminals have your private details.
- Companies are legally required to notify you in many regions, but often not immediately. Under laws like GDPR in Europe or state laws in the US, businesses must inform affected individuals within a certain timeframe (usually 72 hours), but the process can take weeks as they investigate the scope of the leak.
- You can protect yourself better than most people think. Use a password manager to create unique, complex passwords for every account, enable two-factor authentication wherever possible, and freeze your credit with major bureaus (it's free and stops fraudsters from opening new accounts in your name).