Chapter 6: Data Breaches, Liability, and the Ethics of Response

Anatomy of a Data Breach

Breaches expose sensitive data, undermining trust and reputation. Understanding attack vectors helps improve preventive strategies.

A data breach occurs when unauthorized individuals gain access to sensitive or confidential data such as personal identifiers, financial information, or intellectual property. These incidents undermine public trust and expose both organizations and consumers to long-term risks. Understanding the anatomy of a breach-its vectors, phases, and impacts-is critical for ethical and technical resilience.

Data breaches typically evolve through stages:

1.      Infiltration: Attackers gain entry via phishing, malware, or exploiting vulnerabilities.

2.      Privilege Escalation: Unauthorized users obtain administrative control.

3.      Data Extraction: Confidential data is copied, encrypted, or transferred.

4.      Exfiltration & Monetization: Information is sold, leaked, or used for extortion.

The 2017 Equifax breach, which exposed data of over 147 million users, exemplified how neglected patch management and delayed detection can devastate reputation and consumer confidence.

Table 6.1 Common Attack Vectors in Data Breaches

Attack Vector

Description

Preventive Strategy

Phishing

Deceptive emails tricking users into sharing credentials

Employee awareness training

Ransomware

Encrypts data until ransom is paid

Regular backups, endpoint protection

Insider Threats

Misuse of access by employees

Least privilege access policies

Misconfigured Cloud

Public exposure of sensitive data

Continuous configuration audits

Zero-Day Exploits

Attacks exploiting unknown flaws

Threat intelligence and patching

Ethically, organizations have a responsibility to protect personal and organizational data as a matter of trust and duty, not mere compliance. Preventive ethics-rooted in awareness, transparency, and accountability-must guide cybersecurity readiness.