Is There Any Difference Between a Data Hack and a Data Breach?

You've heard of data breaches and data hacks. They've been all over the news in recent years, with journalists using the words interchangeably, but are they the same? There are similarities, to be sure, but they're not the same thing. In the digital age, being computer literate is more important than ever, and understanding the subtle differences between a hack and a breach can mean the difference between your private data staying private and having it leaked all over the internet.

What are hackers and how does hacking work?

Let's start with hacks. We've all seen computer hackers on TV and in Hollywood movies. Cool, rebellious types clad in black, furiously typing away at their keyboards to hack the NSA or CIA or whatever, but is that reflective of reality? What is a hack, even? Well, a hack is a deliberate attack against your computer's defenses committed by a malevolent third party who aims to gain illegitimate entry into your system with the goal of stealing private or business information, which they will sell or use to blackmail you later.

Sometimes that third party can be just one man (or woman), or it can be a whole group of hackers working in unison. There are two types of hackers out there: the ones who hack systems manually, which requires a great deal of knowledge and skill, and the so-called "script kiddies", who rely on computer programs to do all the heavy lifting for them. Either way, they're dangerous.

However, it's vital you know that not all hackers are evil. There are two groups of hackers, the white hats and black hats. I don't need to tell you who the good guys are, right? White hats work for software security firms, and it's their job to constantly test the online defenses of their employers for potential weaknesses. Black hat hackers are, of course, the bad guys, whose goal is usually to steal valuable information.

Examples of hacking incidents.

One of the most infamous examples is the DNC email scandal before the American presidential elections in 2016. The leaked emails dealt irreparable damage to Hillary Clinton's campaign and some say cost her the campaign against Donald Trump. Another example is the Home Depot hack in 2014. The hackers stealthily got access to the payment transactions on more than 7,000 checkout registers, which let them get over 50 million credit card numbers.

Got it, what's a data breach then, and what is the difference?

On the other hand, a data breach happens when information that is accidentally left unsecured is seen by malicious third parties (or any unintended third party, actually).

The main difference between a breach and a hack is that the hack is the result of an intentional attack, while the breach is the result of human negligence.

For example, take the Facebook and Cambridge Analytica incident that blew up the internet and forced Mark Zuckerberg to explain himself in front of Congress. Millions of Facebook users had their private and public data taken by Cambridge Analytica through Facebook. You'd think this is some kind of breach, but it was not. Cambridge Analytica simply exploited a mistake in Facebook's API (short for application programming interface) to gain access. No actual hacking was involved; it was simply a mistake on Facebook's part. That's small comfort for the 87 million Facebook users who had their data leaked, though.

As you can see, the key difference between a breach and a hack is that one is the result of human negligence, while the other is an intentional attack on you. Understanding this simple distinction is the first step to adequately protecting yourself and your personal data.

June 28, 2018
