What is a Data Breach?

Data Breaches seem to be all over the news these days, so what are they and how can you keep your information safe?
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Data breaches continued to rise in 2021 and were up 23% over the previous all-time high in 2017, according to a recent Identity Theft Resource Center report. The volume of data breaches will only continue to grow, so it’s essential to ensure you’re taking care of yourself and your online information.

A data breach is any unauthorized viewing, theft, or use of sensitive, personally identifiable information by a person, group, or software system. While some data breaches are unintentional or don’t contain sensitive information, others are due to cyberattacks, phishing schemes, malware, or even just human or software error, exposing your personal information to hackers or thieves.

Understanding how breaches happen, the potential effects on your life and finances, and what you can do to protect yourself could go a long way toward mitigating any risks to your information.

In this article
How do data breaches happen?
How data breaches could affect you
How to prevent your info from being stolen in a data breach
What to do if your info is stolen in a data breach?
What are some of the biggest recent data breaches?
FAQs about data breaches
Bottom line

How do data breaches happen?

In March of 2022 alone, there were 88 publicly disclosed cybersecurity incidents and 3,987,593 breached records globally. Why are there so many? Here are a few of the ways data breaches happen.

Human Error

Unfortunately, accidents happen, and an employee using an unsecured computer to access sensitive information could lead to a data breach.

Social engineering is a specific type of cyberattack that relies on human error. For example, an employee might find a USB drive in the parking lot and bring it inside. In an attempt to return it to the right person, they plug it in. Unfortunately, that USB drive contains malware that compromises your system.

Malicious intent

An employee might purposefully access or steal information without permission to harm the company or profit from the sensitive data. This can also include launching malware or key loggers, which capture your keyboard strokes, and even phishing attacks designed to get you to click on dangerous links.

Physical Theft

If an unsecured or unencrypted smartphone, laptop, or external hard drive containing sensitive information is lost or stolen, that data may find its way to people who use it to steal identities or otherwise cause problems.


Hackers, or people who use computers to gain unauthorized information, use a variety of ways to access personal data and other valuable information. Some of them include launching malware into an organization’s system, stealing credentials to gain access, or attacking a network on the off chance they find weak points.

Hackers may use the information themselves or make it available to other cybercriminals or dark web dealers.

Additionally, hackers may use special software to guess passwords, which is one of many reasons why it’s essential to make sure you use strong passwords and protect yourself as much as possible to help prevent identity theft.

How data breaches could affect you

Data breaches cause many problems and headaches for businesses and governments, leading to a loss of revenue, a damaged reputation, and potential legal consequences if the organization is found negligent. Companies could have trade secrets, intellectual property, and other confidential information exposed, which could affect their bottom line for years to come.

Small businesses are especially vulnerable to cyberattacks. According to the National Cyber Security Alliance’s 2021 report, 58% of small businesses have been impacted by a data breach. 62% of those small businesses spent between $250,000 to $1 million to manage the costs of the breach.

For individuals, data breaches could expose crucial personal details such as:

  • Social Security numbers
  • Personal health information
  • Banking information
  • Credit card numbers
  • Phone numbers
  • Login information such as email addresses and passwords

Thieves could also steal your health insurance information to access health care (and potentially run up medical debt) under your name. They could even open utilities or buy a phone in your name.

Data breaches leave you vulnerable to credit card fraud, identity theft, and potential legal consequences depending on what is done in your name.

If you are a victim of identity theft, you may spend years trying to untangle the mess. You may need to file multiple police reports and report the crime to the FTC and the FBI’s Internet Complaint Center (ICC).

Identity theft could ruin your credit and cause massive financial problems such as not being able to get a loan or mortgage, at least while the authorities try to sort out what happened.

A data breach could also mean a lot of time and headaches while contacting the credit bureaus and reviewing your credit reports and account statements for any inconsistencies.

If you find fraudulent activity, you may need to freeze your credit report. If your banking information is compromised, you’ll need to go through the hassle of canceling and waiting for new credit and debit cards and updating all your payment information with various websites and any subscriptions you may have.

How to prevent your info from being stolen in a data breach

While you can’t control what businesses do regarding data security, you can incorporate best practices in your personal life to minimize the chances of unauthorized access to your devices and accounts.

To help keep you safe, review the following and see how your security stacks up.


  • Keep your security and antivirus software up to date (if you need some ideas, check out our roundup of the best antivirus software).
  • Keep your operating system and internet browsers up to date. Developers create new patches or software updates to help block out current phishing or malware schemes.
  • Delete any unused accounts you no longer use. For example, you may have started a blog in 2001 and not logged in for a decade or more, so you could delete the account. Consumer Reports has a step-by-step guide on how to remove information from several websites (remember LiveJournal?).

Passwords and email

  • Create and use strong passwords — the FTC recommends using this password checklist to ensure your passwords are as strong as possible.
  • Enable two-factor or multi-factor authentication wherever it’s available and use an Authentication App.
  • Choose security question answers carefully and make sure they aren’t easy to guess and that you’re the only one who knows the answers.
  • Consider a password manager to help you generate and store strong passwords.
  • Don’t click on any email, video, or web links that seem suspicious or sent from someone you don’t know.
  • Use a website such as haveibeenpwned to help you discover what personal information is already on the web.

Home Security

  • Secure your home Wi-Fi network by encrypting your network and changing your router’s default password(s). According to the FTC, you can encrypt your network by updating your router settings to WPA3 Personal or WPA2 Personal. If you have an older router, you may need to update your router software or buy a new router for increased security.
  • Make sure your Wi-Fi network's hardware and software are up to date, which can help a prevent a hacked router.
  • Disconnect unused hardware or smart devices from the internet and disable features you don’t use.
  • Be cautious about the types of smart products in your home and how they are configured. Remote access to devices may mean they could be hacked relatively easily, compromising your data protection.

Consider backing up your data in the cloud or on an external storage device so that if you do get hacked, become the victim of ransomware, or a virus slips past, you’ll have a backup copy of your files.

What to do if your info is stolen in a data breach?

While it can be scary to figure out how to stay safe online, remember that some basic precautions and swift action will help keep your information and finances secure.

If you believe your information was part of a data breach, consider the following steps:

Watch for data breach notifications

Keep an eye out for data breach notifications from companies informing you that your information was exposed in a security incident. The notification will typically tell you the type of information compromised. Due to the breach, some companies may offer free identity theft protection, sometimes with credit monitoring.

Set up fraud alerts

Set up fraud alerts on your credit report with the three major credit bureaus (Experian, TransUnion, and Equifax).

Watch your accounts

Keep an eye on your bank accounts and credit cards and set up alert features so that you know if someone has gained access to your financial information.

If your financial statements show signs of compromise (unauthorized or attempted charges), report it immediately and ask that your credit and debit cards be canceled and reissued.

Monitor your credit

Monitor your credit reports for unusual activity and notify the bureaus immediately if you see fraudulent activity. Through at least December 2022, the three credit bureaus will allow you to check your credit report weekly as an ongoing response to the COVID-19 pandemic.

Consider freezing your credit if suspicious activity appears. A credit freeze prevents potential new creditors from accessing your credit report unless you lift the freeze. It’s a more severe step than a fraud alert, which attaches a notice to your credit report that you’ve been a victim of fraud and advises businesses to contact you personally before extending credit.

What are some of the biggest recent data breaches?

Unfortunately, data breaches happen every day and to some of the biggest companies in the world. Not only are Target, Twitter, and Facebook (Meta) victims of data breaches, but lots of other companies have also been compromised.

Below are just a few of the data breaches that have taken place since the start of 2022.

Organization affected Date of data breach Affected records
Red Cross January 2022 515,000 records compromised
Crypto.com January 2022 483 users, $33 million in cryptocurrencies stolen
News Corp February 2022 No customer data was exposed, but journalist’s emails were stolen
Microsoft March 20, 2022 Stopped before breaching records, one account compromised
Cash App April 4, 2022 Up to 8 million customers

FAQs about data breaches


Did T-Mobile have a data breach?

T-Mobile has had several data breaches. The most significant was a data breach in August 2021. The cyberattack compromised the data of 47 million customers, former customers, and those who had applied for credit with the mobile telecom company.

While the breach did not expose customers’ payment information, the hackers accessed customers' social security numbers, names, birthdays, and driver’s license numbers.

T-Mobile alerted the affected customers and provided identity protection services, scam-blocking protection, and Account Takeover Protection.


What should you do after a data breach?

If you’re notified that your information is included in a data breach or leak, keep a close eye on your bank accounts and credit card statements. If you see unauthorized charges, report them immediately and ask that the account be closed or the cards reissued.

Check your credit report for any unusual activity and consider freezing your credit if you think there may be an active threat. It’s also important to review your passwords and change any actively involved in the breach or similar passwords to the breached password. Consider using a password manager to help you create and store strong passwords.


What happens if your Social Security number is leaked?

If you suspect that your Social Security number was leaked, or discover that someone filed a tax return or applied for government benefits using your social security number, be sure to act quickly to mitigate any damage.

Start by contacting the FTC website IdentityTheft.gov and filing a police report in your local jurisdiction. You may also want to file a complaint with the FBI’s Internet Crime Complaint Center (IC3) to send your complaint to multiple law enforcement agencies.

Then, request a fraud alert or credit freeze on your credit report.

If you request a fraud alert, you can file it at one credit bureau and it’s automatically added to the other bureaus. If you freeze your credit, you’ll need to contact each of the three credit bureaus separately.

Additionally, notify any businesses or benefits programs such as Medicare or the Social Security Administration that your Social Security number was stolen.


What does “data leak” mean?

Data leaks are often crimes of opportunity, and there is no actual attack intended, although your data is exposed all the same. Data leaks and breaches sound very similar and usually have the same result — someone gaining access to information they weren't supposed to see.

For example, a hacker may stumble across a vulnerability in a system, or a software program might accidentally let unauthorized users view secure information due to a glitch or malfunction.

On the other hand, a data breach is a deliberate attack against a web service, company, or organization and is intended to steal data. Even though the method is different, the threat to your private information is the same, and you should protect yourself against data breaches and data leaks.

Bottom line

Having your personal and financial information stolen in a data breach can be frightening, especially when you consider how much of our information exists online.

It’s essential to take the threat of cybercrime seriously and make sure to use strong passwords and multi-factor authentication wherever possible and keep your antivirus software and operating systems up to date.

If you haven’t yet, consider looking into a password manager to help you keep track of your passwords and any that might need to change due to a data breach.

While you can’t prevent data breaches from happening, protecting yourself could help you avoid multiple headaches and harm to your financial life.

Editorial Rating
Learn More
On Aura Identity Theft's website
Identity Protection
Aura Identity Theft
Up to 68% off Family Annual Plans
  • Excellent identity theft protection service
  • Includes a password manager and VPN
  • Robust tools for children’s security

Author Details
Kate Daugherty, a Denver-based professional writer with a B.A. from the University of Colorado, specializes in personal finance, digital security, and personal privacy. Inspired by her own credit theft experience, Kate is passionate about helping people stay safe online. Through her engaging articles in Finance Buzz, Success Magazine, and the Family Money Adventure blog, she shares easy-to-follow tips for boosting online security and financial well-being.