There are many types of data breaches. What they share is that they usually result in personal information being taken for identity theft, stolen sensitive data, unauthorized access to or acquisition of restricted information, ransomware attacks, illegal exposure of data, or disclosure of confidential information. 

Most data breaches are perpetrated by cybercriminals or others with malicious intent. However, some types of data breaches result from accidents or negligence.   

All 50 states in the United States, as well as the District of Columbia, Guam, Puerto Rico, and the Virgin Islands, have passed laws that require notification for most types of data breaches. Data breach notification laws apply to government and private sector organizations.  

The intent of data breach notification laws is to increase pressure on organizations to take the necessary measures to protect information from the varied types of data breaches that put individual’s personal information at risk and have other potentially catastrophic consequences.  

Common types of data breaches

Malware is at the root of most types of data breaches. This broad term includes all types of malicious software programs designed to give attackers unauthorized access to systems and data.  

Malware can be used to steal information, disrupt operations, or completely disable systems. There are many forms of malware, including: 

  • Adware 
  • Backdoors  
  • Fileless malware 
  • Ransomware 
  • Spyware 
  • Trojan virus 
  • Viruses 
  • Wipers  
  • Worms 

Cross-site scripting (XSS) attack

An XSS attack hijacks legitimate, trusted sites, injecting malicious executable scripts that are used to deliver malware and provide a jumping-off point for different types of data breaches. Once an XSS attack has been executed, the attacker can impersonate the victim and: 

  • Spread malware to other users 
  • Perform any actions or access any data for which the user has authorization    
  • Steal the user’s login credentials when they enter them into a form   

Keystroke loggers

A type of malware, a keystroke logger records everything typed on a user’s keyboard, including user names and passwords. The information is then passed back to attackers who use the credentials to perpetrate various types of data breaches or steal information as it is keyed into systems (e.g., credit card numbers or other sensitive information).  

There are several varieties of keylogger malware with different levels of capabilities. User-mode or API (application programming interface)-level keyloggers are the most common and basic, capturing and transmitting through APIs, but lacking administrative capabilities.  

Others, such as kernel-level keyloggers, are embedded into operating systems, making them more difficult to find and remove. Another type of keylogger is browser-based and captures information as it is entered into web forms. 

Man-in-the-middle (MITM) attack

An MITM attack is commonly used to steal personal information. With these types of data breaches, the attacker eavesdrops on communications and intercepts and steals data transmitted on a network.  

In most cases, man-in-the-middle attackers take advantage of vulnerabilities in public networks, such as free Wi-Fi at a coffee shop or an airport.  

Password guessing or brute force attacks

While one of the easier types of data breaches to prevent, brute force attacks are successful when weak passwords are used. In a brute force attack, a tool is used to guess likely passwords, sorting through millions of possibilities until one is found.  

In addition to requiring strong passwords, a system that blocks access after a set number of failed login attacks can also prevent this type of data breach.   


Phishing is one of the most pervasive types of data breaches. It continues to be an effective attack vector because it plays on humans’ trusting natures, busy schedules, and carelessness, coupled with cleverly crafted email or text messages that override people’s internal alarms.  

All it takes is for one user to activate a phishing link and it can spread across networks, infecting other connected systems. Phishing attacks, generally, have one of three objectives: 

  1. Trick victims into clicking on a malicious link or attachment that infects their systems, and potentially others, with malware. 
  2. Convince recipients to visit a fake website with a form that sends their credentials or credit card information to the attacker. 
  3. Impersonating someone else (e.g., boss, friend, or family member) and convincing them to share sensitive information or send money. 

Variations on phishing include spear phishing, which is a highly focused attack that targets specific individuals or groups. Whale phishing is yet another variant of phishing that targets a group of high-profile targets, such as executives in an organization.   


Although ransomware is a type of malware, it is used differently than other types of malware. Once a breach has occurred, ransomware is unleashed on data, locking files with encryption. The attacker demands that a ransom be paid to have the files unlocked.  

In some cases, in addition to locking the files, the attackers exfiltrate them and demand a second ransom to stop them from sharing the information publicly. This approach is commonly used for proprietary or potentially embarrassing information. These types of data breaches are notoriously difficult to prevent. 

SQL injection attack

An SQL Injection attack injects malicious code into systems through an SQL query. Once this is done, the attacker can access the database to steal (via one of many types of data breaches), make modifications to (i.e., data compromise), or lock information (i.e., ransomware attack). 

Physical theft

The most widely discussed types of data breaches are cyber-related, but physical theft is also an issue. Types of data breaches that involve physical theft include stealing paper files, laptops, or external hard drives.   

Why data breaches happen

The types of data breaches outlined above occur in a number of ways for various motivations, including the following. 

Causes of a data breach: 

  • Accidental insider
    For example, if an employee accesses files without proper authorization, this is considered a data breach—even if no information is shared.
  • Malicious insider
    A user with legitimate authorization takes advantage of their privileges to access, share, or steal sensitive information.
  • Outside cyber criminal
    These attackers deliberately target users and systems to commit various types of data breaches.  

Motivations for the various types of data breaches include: 

  • Building a reputation 
  • Cyber insurance fraud 
  • Identity theft  
  • Intellectual property theft 
  • Monetary gain  
  • Vigilantism or hacktivism 

Understanding types of data breaches enables prevention tactics

Understanding the types of data breaches and why they happen enables development and implementation of effective defensive strategies. This helps reduce the risk of most types of data breaches and mitigate the potential damage they can cause, including devastating financial and reputational consequences for organizations, as well as significant operational disruptions.   

Unleash the power of unified identity security.

Centralized control. Enterprise scale.

Take a product tour