Definition
A data breach is an incident in which sensitive, confidential, or protected information is accessed, disclosed, or stolen by an unauthorised party. Breaches can involve customer personal data, financial records, login credentials, intellectual property, or internal communications. They happen through many routes — a hacker exploiting a vulnerability, an employee accidentally sending data to the wrong recipient, a stolen laptop, or a misconfigured database left open to the internet. The common thread is that information ends up somewhere it should not be.
Why It Matters
The consequences of a data breach extend far beyond the technical incident itself. Under GDPR, organisations must report certain breaches to the Information Commissioner’s Office within 72 hours and notify affected individuals if the breach poses a high risk to their rights. Fines for mishandling breaches can be severe, but the financial cost of the fine is often dwarfed by the reputational damage, loss of customer trust, and legal claims that follow. For business owners, breach prevention is about more than firewalls and passwords — it requires understanding where your sensitive data lives, who has access to it, and what would happen if any of those access points were compromised.
Example
A recruitment firm stores candidate CVs in a cloud storage folder. An employee shares the folder link publicly instead of restricting it to internal staff. For three weeks, anyone with the link can access thousands of CVs containing names, addresses, phone numbers, and employment histories. When the mistake is discovered, the firm must report the breach, notify every affected candidate, and explain what went wrong. The incident costs the firm two major client contracts because those clients no longer trust them to handle sensitive candidate data.