What is a Security Breach?

C. Mitchell

Broadly speaking, a security breach is a violation of any policy or law that is designed to secure something. When people or vehicles bypass screening checkpoints, or enter secure buildings without presenting the appropriate credentials, security breaches are generally obvious. Less obvious are security breaches that involve data or information. In a data context, a security breach is any activity that compromises the confidential nature of certain information.

Most of the time, what is or is not a security breach is defined by law. Statutes in many countries set out security measures for any number of things, from border crossings to data sharing and electronic commerce transactions. A breach is usually defined as any action, intentional or otherwise, that weakens a certain defined security interest.

Theft of financial data, like credit card information, is considered a security breach.

The best-known security breaches typically cause some noticeable harm. An airport security breach that allows a passenger to board a plane with a weapon, or a data loss that leads to identity theft, are clear examples. Under most security breach laws, however, harm is not always a requirement. The threat of harm, or likelihood of harm, is usually enough.

Someone who passes through airport security with a weapon is an example of a security breach.

Security breach laws in most countries operate on a likelihood of harm basis both to create incentives for strong security practices and to punish bad actions without waiting to see if someone or something gets injured first. Although punishments for breaches can be strict under law, the overriding goal is usually safety. Particularly where data breaches and information security breaches are concerned, even a likelihood of harm is often enough to prompt major protective actions.

Data security breaches are often caused by hackers.

As more and more sensitive information is stored online, the chances of an Internet or computer security breach become increasingly real, and with them the chance of identity theft, serious financial loss, or other harm. The majority of data security laws require any entity that regularly collects or stores sensitive information to take certain precautions when it comes to securing that information. Most of the time, data must be protected with a series of passwords and electronic keys. Mobile data, particularly including data stored on employee laptops or other portable hardware, must usually be protected against inadvertent disclosure or data breach in case of loss or theft.

An example of a security breach is if a traveler who has a weapon or is on a wanted list makes it onto a plane.

Laws are often further specialized by industry. Many countries have health data security laws that are different from laws governing financial information and the possibility of a credit card security breach, for instance. Each country, and sometimes each state or province within a country, has different laws and mandatory security policies. Most also have laws related to how impacted individuals must be notified in case their information has been part of a security breach. Patients whose files were inadvertently posted to the Internet, students whose academic records were hacked from a university database, and others whose information was in any way compromised are generally entitled to at least notification, if not also remuneration and restitution.

Employee laptops must be protected from security breaches in the event of theft.

The differences between what laws require can make it difficult for companies operating in multiple jurisdictions to ensure that their security practices are universally compliant. As the laws change and evolve with technology, so must individual security procedures. Most of the time, companies employ compliance officers, lawyers, and data security analysts to oversee all data and other information exchanges and to ensure that all relevant security laws are being followed.
