DeMISTIfying Infosec: Data Breach

November 24, 2015
By Katherine Teitler

Data Breach

A data breach is an information security incident in which sensitive, proprietary, or confidential data is accessed, viewed, copied, stolen, or otherwise used by an unauthorized party or system. The term generally refers to data on Internet- or network-connected systems. A breach can result from exploiting a weakness in a system (e.g., SQL injection against a web application) or in a person (e.g., social engineering).

Although data breaches are usually pictured as the work of cybercriminals or hackers deliberately targeting an organization to steal its data for financial gain, many breaches originate with insiders. An insider or employee often has legitimate access to the data because it is required for his or her job. When the employee holds approved permissions to access and work with the data, a breach can occur through deliberate misuse (e.g., posting it to a forum, copying it to an unapproved or insecure file location, selling it to a third party) or through negligence or accident (e.g., an employee's unencrypted laptop is stolen).

An insider can also retain or gain access to a file or system that should be off limits, either because a change of role within the company was not followed by a change of permissions (the access is no longer required for the new position) or because appropriate controls were never put in place (e.g., the system administrator did not apply the principle of least privilege, granting accounts more access than their role needs).
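The stale-access problem described above is normally caught by a periodic access review: compare what each account actually holds against what its current role needs, and flag the difference. The script below is an added example, not code from the original article. The roles, entitlement names, and accounts are constructed sample data; the check itself (entitlements held minus the role's baseline) is the generic form of the review. An account whose role has no baseline is treated as having no approved access, so every entitlement it holds is flagged rather than silently accepted.

```python
"""Access review: find entitlements that exceed an account's current role.

Added example with constructed data; role and entitlement names are
hypothetical. A non-empty finding is a least-privilege violation: either
access left over from a previous role, or an over-broad grant.
"""
from dataclasses import dataclass, field

# Baseline entitlements each role needs to do its job (constructed sample).
ROLE_BASELINE = {
    "finance-analyst": {"gl-read", "ap-read"},
    "finance-manager": {"gl-read", "ap-read", "ap-approve", "payroll-read"},
    "engineer": {"repo-read", "repo-write", "ci-run"},
}


@dataclass
class Account:
    user: str
    role: str
    entitlements: set = field(default_factory=set)


def excess_entitlements(account, baseline=ROLE_BASELINE):
    """Return the entitlements the account holds beyond its role's baseline.

    An unknown role maps to an empty baseline, so the check fails closed:
    everything such an account holds is reported for review.
    """
    allowed = baseline.get(account.role, set())
    return sorted(account.entitlements - allowed)


def review(accounts, baseline=ROLE_BASELINE):
    """Run the review over all accounts; return {user: [excess, ...]} for
    violators only, so an empty dict means every account is within baseline."""
    findings = {}
    for acct in accounts:
        excess = excess_entitlements(acct, baseline)
        if excess:
            findings[acct.user] = excess
    return findings


# Constructed sample: bob moved from finance-manager to engineer but kept his
# approval rights; alice matches her role; carol has a role nobody defined.
SAMPLE = [
    Account("alice", "finance-analyst", {"gl-read", "ap-read"}),
    Account("bob", "engineer",
            {"repo-read", "repo-write", "ci-run", "ap-approve", "payroll-read"}),
    Account("carol", "contractor", {"repo-read"}),
]

if __name__ == "__main__":
    for user, excess in review(SAMPLE).items():
        print(f"{user}: revoke {', '.join(excess)}")
```

In practice the baseline would come from the HR system or an identity governance tool and the entitlements from the directory or application, but the comparison is the same, and the fail-closed handling of undefined roles is what keeps contractors and one-off accounts from slipping through the review.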

In the case of hackers, cybercriminals, or nation-states, the adversary targets specific data such as personally identifiable information (PII), protected health information (PHI), or intellectual property (IP), uses a set of tactics, techniques, and procedures (TTPs) to find and access it, and then puts the data to nefarious use. The goal may be financial gain, public embarrassment of the company, or theft of trade secrets. Most data breaches, however large or financially damaging, have not been shown to inflict long-term effects on stock price or business performance; the commonly cited exception is Nortel Networks, where attackers reportedly had access to the network for nearly a decade, stealing IP, before the company went bankrupt.


