A data breach occurs when an incident exposes protected information such as personal data.
The breach may involve the loss or theft of a customer or employee list, an unencrypted hard drive, a lost thumb drive, or an exposed attendee list, any of which may contain names, credit card numbers, national identification or passport numbers, personal images or videos, personal health information, emails, or NHIF or NSSF numbers.
A data breach may be intentional or accidental. A threat actor may hack your databases, or an employee may accidentally expose that information in various media.
The stakes are high if you suffer a data breach.
There is widespread concern about cyber attacks, which can have a crippling effect on businesses, but the main cause of breaches remains non-cyber incidents and human error.
Hundreds of data breaches have been reported around the world. In Kenya, Techweez reported a Safaricom Ltd data breach perpetrated in 2019 by an employee who downloaded personal data affecting 11.5m customers and offered it to a third party.
In 2023, Naivas Supermarkets also suffered a breach affecting customer and employee data.
Once you are aware that personal data is involved, there are only 72 hours to decide whether the breach needs to be reported to the regulators and the impacted individuals.
At the same time, urgent steps may need to be taken to stop the breach, find out how extensive it is, minimize the impact and so on. Public announcements may also be necessary.