(also data leak)
Data leakage definition
In cybersecurity, a data leakage is an unauthorized disclosure or transfer of information to an external party. A data leakage can expose confidential files, customer details, intellectual property, or other sensitive data. A single data leakage may cost the organization millions in financial damages and cause serious harm to its reputation.
Real examples of data leakages
- Yahoo (2013-2014): Two major data breaches resulted in the theft of personal data from 3 billion Yahoo user accounts, including email addresses, phone numbers, birth dates, and security questions and answers.
- Equifax (2017): A data leakage that affected approximately 143 million US citizens. The incident was caused by a vulnerability in a web application, allowing hackers to access sensitive data like names, social security numbers, birth dates, and addresses.
- Marriott International (2018): A data leakage that affected up to 500 million customers of Marriott International’s Starwood Hotels brand. The stolen data included guest names, addresses, phone numbers, email addresses, passport numbers, and payment card details.
- Facebook (2018): The Facebook data leakage scandal involved Cambridge Analytica, a political consulting firm, collecting data (including personal information from up to 87 million Facebook users) without user consent to influence the 2016 US presidential election.
- Capital One (2019): A data leakage caused by a misconfigured firewall affected 100 million customers in the United States and Canada, exposing personal data like names, addresses, and credit scores to hackers.