{"id":6267,"date":"2025-08-20T15:07:32","date_gmt":"2025-08-20T14:07:32","guid":{"rendered":"https:\/\/amtivo.com\/uk\/standards\/\/\/are-data-breaches-becoming-more-common\/"},"modified":"2025-12-18T13:32:48","modified_gmt":"2025-12-18T13:32:48","slug":"are-data-breaches-becoming-more-common","status":"publish","type":"standard-post-filter","link":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/are-data-breaches-becoming-more-common\/","title":{"rendered":"Understanding Data Breach Causes & Response Strategies"},"content":{"rendered":"

The number of data breaches has risen in recent years. Some of the most high profile cases in recent times include the Marks & Spencer 2025 breach<\/a> that saw hackers access a large amount of customer data and cause the business to halt its online retail options for over a month. The Legal Aid Agency<\/a> also suffered a data breach in April 2025, which is comprised of personal, financial, and legal data from 2010 onwards.<\/em><\/p>\r\n

Data breaches are becoming so common that tools are being built for individuals to check if their information has been compromised. But what exactly is a data breach, how do they occur, and why are they becoming more frequent?<\/p>\r\n

\u00a0<\/h2>\r\n

What Is a Data Breach?<\/h2>\r\n

A data breach occurs when an unauthorised party manages to access an organisation’s protected, sensitive or confidential data. This might not always involve stealing the data; in some cases, it can be simply copied or viewed. A breach typically involves three stages:<\/p>\r\n

    \r\n\t
  1. Probing:<\/strong> The unauthorised party identifies vulnerabilities in an organisation\u2019s security system. Weak passwords and password sharing are common forms of human error that can lead to breaches.<\/li>\r\n\t
  2. Penetration:<\/strong> Next, the unauthorised party enters the organisation\u2019s network using one of the vulnerabilities they have discovered. Often, this occurs due to inadequate security measures on routers and other connection devices. Staff could also be exploited or manipulated into providing access using a number of tactics, including extortion.<\/li>\r\n\t
  3. Extraction:<\/strong> The final stage is for the criminals to extract the organisation\u2019s data, either digitally or by manually copying it.<\/li>\r\n<\/ol>\r\n

    \u00a0<\/h2>\r\n

    What Constitutes a Data Breach Under UK GDPR?<\/h2>\r\n

    A breach is any incident impacting the confidentiality, integrity, or availability of personal data. Under UK GDPR<\/a>, all businesses are required to implement appropriate technical and organisational measures to protect personal data. Breaches can be catastrophic for businesses. The theft of company data can lead to crimes such as identity theft, particularly when customer data – including credit card numbers – is the subject of the breach. Or corporate espionage, where valuable plans, designs, or types of other intellectual property are accessed. \u00a0<\/p>\r\n

    \u00a0<\/h2>\r\n

    Types of Data Breaches<\/h2>\r\n

    External breaches<\/strong><\/h3>\r\n

    These are often associated with cyber attacks such as phishing and ransomware, which are among the most common methods used to gain unauthorised access to data from outside an organisation Attackers can exploit third-party services, suppliers, or platforms used by an organisation or its employees. In 2024, a study found that nearly 450 Members of Parliament had had their personal information exposed<\/a> on the dark web after being exposed through hacks, breaches of third-party services, or other compromise methods, rather than direct attacks on Parliament\u2019s own IT systems.<\/p>\r\n

    Internal breaches<\/strong><\/h3>\r\n

    Internal breaches occur as a result of staff errors or unauthorised internal access. Employees may unknowingly or deliberately access data they are not permitted to see or alter. In some cases, authorised individuals misuse their power to access data and share it with criminals.<\/p>\r\n

    Negligence or theft<\/strong><\/h3>\r\n

    Breaches can occur if a device is left unattended, stolen, or if confidential documents are not secured. If unauthorised individuals access these items, company data can be exposed.<\/p>\r\n

    System failures<\/strong><\/h3>\r\n

    System failures can also result in data breaches. Glitches or failures within systems can unintentionally allow unauthorised access, compromising the security of sensitive information. \u00a0<\/p>\r\n

    \u00a0<\/h2>\r\n

    How Do Data Breaches Occur?<\/h2>\r\n

    According to the UK Government\u2019s Cyber Security Breaches Survey 2025<\/a> and the Information Commissioner\u2019s Office<\/a> (ICO), the most common ways breaches occur are:<\/p>\r\n

    Physical actions<\/strong><\/h3>\r\n

    Loss or theft of laptops, USB drives, or paperwork containing sensitive data. This can occur if individuals are careless with company data, or after the theft of paperwork or an employee’s laptop.<\/p>\r\n

    Privilege problems<\/strong><\/h3>\r\n

    Incidents where staff access or share data without proper authorisation. These breaches can happen either accidentally or deliberately. It can also occur when authorised individuals abuse their power to access data and pass it on to criminals.<\/p>\r\n

    Social engineering<\/strong><\/h3>\r\n

    Increasingly, attacks are coming from criminals pretending to be banks, clients, auditing agencies, or even the police. This kind of trick uses the trust of workers to gain entry to networks. It also concerns email and other electronic communications scams such as phishing<\/a>, where people pretend to be a provider that the organisation already uses.<\/p>\r\n

    Human error<\/strong><\/h3>\r\n

    Mistakes such as sending data to the wrong recipient, misconfiguring systems, or using weak passwords can all be down to human error. No matter how many preventative measures are put in place, businesses still suffer from people making mistakes, often unwittingly.<\/p>\r\n

    Malware and ransomware<\/strong><\/h3>\r\n

    Malware attacks use malicious software to steal or lock data, and the internet is full of bots and spyware that can access networks with little-to-no human help. Ransomware has become a popular type of malware, blocking access to data or systems and demanding payment to restore it. Most of these breaches are carried out by hackers or organised cyber criminal groups. They use a mix of technical exploits, malware, and social engineering to gain unauthorised access to sensitive information. Once inside, they can cause serious disruption and damage. The causes of data breaches can be grouped into the three main categories:<\/p>\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n
    Category<\/strong><\/span><\/th>\r\nSpecific Causes<\/strong><\/span><\/th>\r\nExamples<\/strong><\/span><\/th>\r\n<\/tr>\r\n<\/thead>\r\n
    Malicious, Intentional, or Criminal<\/th>\r\n\r\n
      \r\n\t
    • Phishing and social engineering<\/li>\r\n\t
    • Malware and ransomware<\/li>\r\n\t
    • External hacking or unauthorised access<\/li>\r\n\t
    • Deliberate privilege misuse<\/li>\r\n\t
    • Attacks via third-party suppliers<\/li>\r\n<\/ul>\r\n<\/td>\r\n
    		\r\n
      \r\n\t
    • Phishing emails trick employees into revealing credentials<\/li>\r\n\t
    • Ransomware attacks<\/li>\r\n\t
    • Hackers exploiting vulnerabilities<\/li>\r\n\t
    • Employees deliberately leaking data<\/li>\r\n\t
    • Breaches via compromised suppliers<\/li>\r\n<\/ul>\r\n<\/td>\r\n<\/tr>\r\n
    System Glitches<\/th>\r\n\r\n
      \r\n\t
    • System failures<\/li>\r\n\t
    • Software bugs<\/li>\r\n\t
    • Misconfigured databases or cloud services<\/li>\r\n<\/ul>\r\n<\/td>\r\n
    		\r\n
      \r\n\t
    • Database misconfiguration exposing records<\/li>\r\n\t
    • Glitches allowing unauthorised access<\/li>\r\n<\/ul>\r\n<\/td>\r\n<\/tr>\r\n
    Human Error<\/th>\r\n\r\n
      \r\n\t
    • Accidental data sharing<\/li>\r\n\t
    • Sending data to the wrong recipient<\/li>\r\n\t
    • Losing devices or paperwork<\/li>\r\n\t
    • Weak passwords<\/li>\r\n\t
    • Inadvertent privilege misuse<\/li>\r\n<\/ul>\r\n<\/td>\r\n
    		\r\n