Data leakage

What is data leakage?

The unauthorized transmission of data from an organization to any external source is known as data leakage. This data can be leaked physically or electronically via hard drives, USB devices, mobile phones, etc., and could be exposed publicly or fall into the hands of a cyber criminal.

How is data leakage different from data loss?

While the terms data leakage and data loss are similar, they differ in the following ways:

  • Data is said to be lost when it is no longer accessible. Data loss occurs primarily through hardware issues like power outages, computer failure, hard drive crashes, etc. This lost data may be restored depending on several factors.
  • In the case of a data leak, the information is exposed outside the organization. It could be lost, or be possessed by someone who does not hold the legal right to it.

Types of data leakage

Data leakage is classified based on how the leak occurs or by whom it was perpetrated.

  • Malicious insiders

    Unhappy employees or business partners who leave the organization may try to steal data and leak it to competitors, or sell it for a hefty amount on the black market.

  • Physical exposure

    Hard drives or USB devices with sensitive content are often left unattended by employees, putting data at risk.

  • Electronic communication

    Many organizations are embracing bring your own devices (BYOD) policies and encouraging employees to use their own devices at work. Hackers take advantage of this and try to trick the user into clicking unassuming links, giving the hackers access to the devices and the data on them.

  • Accidental leakage

    The most common cause of data leak is human error. Frequent mishaps include employees sending emails containing critical information to the wrong recipients, flaws in security policies such as excessive permissions to critical files, sensitive data left exposed due to unpatched vulnerabilities in the software, etc.

Data leakage examples

An increasing number of companies have fallen victim to data security threats. Some of the most infamous data leak incidents that have taken place include:

Facebook-Cambridge Analytica data leak

The Facebook-Cambridge Analytica scandal came to light in 2018, when an ex-employee of Cambridge Analytica, a British political consulting firm, revealed information on how the company had acquired the data of more than 50 million Facebook users. The firm developed an app named This is your digital life, which acquired its users' and their friends' details from Facebook. This data was used to influence users during a political campaign.

Amazon S3 cloud leak

Amazon Simple Storage Services, or Amazon S3, is no stranger to data leaks. There have been several instances when its cloud storage buckets have been misconfigured and permissions set to public inadvertently by organizations. In December 2019, a UK consulting firm's storage bucket leaked, revealing sensitive information including criminal records, emails, and job applications dating back to 2014.

Exactis data leak

A Florida-based marketing firm named Exactis found that its consumers' data has been exposed due to an unprotected server that allowed public access. While the data did not contain Social Security numbers or credit card information, it did include other personally identifiable information (PII) such as phone numbers and email addresses.

Preventing data leak using DataSecurity Plus

Most data leaks occur due to unintentional errors or malicious insiders who take advantage of devices that don't have data leak prevention (DLP) strategies in place. DataSecurity Plus' DLP solutions help administrators secure endpoint devices to minimize the possibility of data leakage.

Safeguard critical data

Monitor who accesses your critical files, analyze file permissions, and use automated responses to ensure that data does not leave your organization using data security software.

Stop endpoint data leaks

Keep an eye on data transferred to storage devices like USB drives or via emails and deploy predefined policies that block the leak using the data loss prevention tool.

Implement copy protection

Ensure business-critical files are not copied by blocking the action or using interactive user prompts that can warn the users about its risk with the copy protection tool.

Contain ransomware attacks

Detect malicious data theft, trigger instant alerts, and shut down infected systems to prevent data from leaking using ransomware protection software.

DataSecurity Plus helps prevent data leak by constantly monitoring endpoints for high-risk activities, and can stop data leak using incident response measures.

Download a free, 30-day trial
Email Download Link