Data Breach vs. Identity Theft: What’s the Difference?
By understanding the differences between data breaches and identity theft, small businesses can prevent some data breaches from turning into identity theft disasters. After a breach, you'll need to move into identity theft prevention mode. A risk management plan and adequate Cyber Liability Insurance will help you move quickly, meet your state data breach requirements, and protect your customers from fraud.
Note: The statistics cited here come from the Ponemon Institute's 2014 Cost of Data Breach Study.
What Is a Data Breach?
A data breach is a catchall term – it refers to any scenario in which your customers' data might have been exposed. Here are some examples that show just how many different things can be called a data breach:
- When sending an email, an employee accidentally attaches a document that contains personal data.
- A hacker breaks into a business’s network and downloads point-of-sale data.
- A healthcare employee sends patient data using a non-encrypted email.
- Malicious software (aka malware) spreads to a business’s servers and steals private data.
- An employee downloads a business file to their thumb drive and opens it on their unsecured home network.
- A problem with a company's web hosting software causes financial data to be exposed online.
- Thieves break into your office and steal a laptop, which contains company data.
In each of these cases, data might have been exposed. You'll notice how few of these examples involve hackers. In fact, only 42 percent of data breaches are caused by hackers or criminals. Thirty percent are caused by human error (like the employee who emailed the wrong document), and 29 percent are caused by system glitches (like the web host error).
What Is Identity Theft?
Identity theft occurs after a data breach. It happens when cyber criminals use stolen data to make purchases, apply for loans, withdraw money, or commit fraud. If a data breach is the moment you lose data, then identity theft is the moment criminals use that data for malicious purposes.
It’s worth emphasizing that not all data breaches lead to identity theft. As we saw above, some breaches occur because of a lapse in security. An employee might use email in a non-secure way, but the odds of identity theft occurring are slim.
It's also important to understand that identity theft can be prevented even after a data breach has occurred. Let's say you find out that your business's network has been infected with malware. Hackers have stolen information from thousands of customer transactions and their credit card data. Read on to find out what you should do next.
How Do You Prevent ID Theft after a Data Breach?
Immediately following a data breach, a small business should contact its customers, alert them to the breach, and shore up its network security. Many businesses offer fraud-monitoring services, which notify customers when their credit cards or bank accounts show any suspicious activity.
The reasons for this are twofold:
- Customers are able to catch fraudulent transactions early.
- Criminals are less likely to use stolen data if it has a low success rate.
The second reason paints a fascinating picture of how identity theft really works. When data is stolen, hackers sell that data on the black market. Identity thieves buy data and imprint it on fake credit cards that they use to make fraudulent purchases.
However, criminals don't want to buy stolen data if it only works some of the time.
Hackers actually post the success rates for their stolen data. If you fight back and your credit monitoring services catch ID theft in action, you might actually nip further ID theft in the bud.