While the term “data leak” may conjure up images of cyberattackers and corporate espionage, data leaks often occur due to human error or misconfiguration of infrastructure. This type of security incident differs from a data breach because it does not require exploiting an unknown vulnerability. Instead, a data leak results from information becoming accessible to parties who were never authorized or authenticated to see it.
An example of a data leak would be an employee saving confidential information on an unsecured device, such as a USB drive or a passwordless external hard drive, then sharing this information with a non-employee. Another type of data leak is a misconfigured cloud storage server that exposes information to unauthorized parties. A misconfigured server can allow unauthorized users to access the personal details of existing or former employees or customers, or trade secrets.
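The misconfigured cloud storage case above is usually a permissions document that grants access to everyone. The following added example (not from the original article) checks an S3-style JSON bucket policy for that mistake: it flags every Allow statement whose Principal is "*" (in any of the spellings IAM accepts) and that carries no Condition narrowing who may use it. Both policies are constructed samples; the bucket name, account id and role name are placeholders.

```python
import json

# Constructed sample: a bucket policy with the classic misconfiguration,
# an unconditional Allow for every principal ("*") on object reads.
WEAK_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-hr-exports/*"
    }
  ]
}
""")

# Constructed sample: the same bucket after the fix. Access is limited to one
# IAM role (the account id 123456789012 and the role name are placeholders).
FIXED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AppReaderOnly",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-hr-exports/*"
    }
  ]
}
""")


def _principal_is_everyone(principal) -> bool:
    """True if the Principal element matches anyone, including anonymous callers.

    IAM accepts several spellings: the bare string "*", {"AWS": "*"}, or a list
    under "AWS" that contains "*".
    """
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*":
            return True
        if isinstance(aws, list) and "*" in aws:
            return True
    return False


def find_public_grants(policy: dict) -> list:
    """Return the Sid (or index) of every Allow statement that grants access
    to everyone without any Condition narrowing who can use it."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written unwrapped
        statements = [statements]
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # A Condition (for example one restricting the source VPC endpoint)
            # may or may not make the grant safe; leave it for human review
            # rather than flagging it automatically.
            continue
        findings.append(stmt.get("Sid", f"Statement[{index}]"))
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(name, find_public_grants(policy))
```

Run the script to see the weak policy report its `PublicRead` statement while the fixed policy reports nothing. The checker deliberately stays silent on "*" grants that carry a Condition, since those need a person to judge whether the condition actually limits the audience; a real audit would also look at the bucket's public-access settings and object ACLs, which this policy-only check does not cover.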
In a worst-case scenario, malicious actors may use the information from a data leak to launch a full-blown data breach. The attacker can then access other systems, user accounts and devices to obtain more information about the organization or its customers. This is known as lateral movement and privilege escalation. Once the attacker has access to more sensitive data, they can either resell it on the black market or contact the organization to demand a ransom.
Regardless of the cause, it is important to act quickly when you discover a data leak. This includes identifying the source and extent of the leak, communicating with the affected parties, and assessing your current security policies to see if they need updating.