Skip to Content
Threats and Attacks

What is a data breach?

A data breach happens when unauthorized people gain access to a company's confidential information: customer data, passwords, financial records or internal documents. It can be the result of a deliberate attack, such as a credential theft or a ransomware, or of an accidental exposure, such as a file left open by mistake. Either way, the damage is the same: information that should be confidential ends up in the hands of those who should not have it.

Zamak TechnologiesUpdated on July 10, 2026

How a data breach happens

A breach is rarely a single, instant event: it is usually the end of a chain that started much earlier. The most common path has four stages.

1

Initial access

The attacker gets in through the easiest door: a stolen credential bought on the dark web, a phishing email or an unpatched software flaw.

2

Movement and escalation

Once inside, they move across the network looking for more access and for where the valuable information is stored, often unnoticed for weeks.

3

Exfiltration

The data is copied out of the company, quietly. This is the moment the confidential information actually leaves your control.

4

Exposure or use

The data is sold, used in fraud, published to pressure the victim (as in double extortion) or made public, triggering loss, fines and broken trust.

Source: N-able Cyber Encyclopedia and IBM (Cost of a Data Breach).

The main causes of a data breach

  • Stolen or weak credentials, today the leading entry vector, often bought on the dark web
  • Phishing and social engineering, which fool an employee and open the door from the inside
  • Malware and ransomware, which steal the data before encrypting it
  • Unpatched software flaws, exploited before the fix is applied
  • Cloud misconfiguration, such as a file store left public by mistake
  • Insider action, whether by malice or by unintentional error
  • A supplier compromise, which becomes the door into your company's data

Intentional breach and accidental leakage

  • Intentional breach (data breach) An external attacker breaks in on purpose to steal information, using stolen credentials, phishing or malware. It is the active attack, with someone deliberately trying to get in.
  • Accidental leakage (data leakage) The unintentional exposure of confidential data through negligence or error: a misconfiguration, a file sent to the wrong person, a store left open. There is no attacker, but the data is exposed all the same and becomes a door into a breach.
  • Insider threat Someone with legitimate access, an employee or supplier, exposes the data, by malice or by carelessness. Because the access is authorized, it tends to be the hardest to detect.

Why a data breach is so expensive for your company

$4.44M
the global average cost of a data breach in 2025 (IBM, Cost of a Data Breach 2025)
241 days
the average time to identify and contain a breach (IBM, 2025)
22%
of breaches start with a compromised credential, today the #1 entry vector (Verizon DBIR 2025)

A data breach is one of the most expensive incidents a company can suffer, and the cost goes far beyond technology. The global average cost of a breach reached $4.44 million in 2025, and companies took, on average, 241 days to identify and contain the incident, more than enough time for the damage to spread. The bill adds up investigation, halted operations, customer notification, lawsuits and, increasingly, fines: more than 140 countries now have data protection laws, and rules like the LGPD in Brazil and the GDPR in Europe carry penalties reaching a percentage of the company's global revenue. Harder to recover is trust: customers who learn their data was exposed take time to return, and some do not. That is why a breach is a business risk, not just an IT one, and defense has to cover the whole chain, from prevention to early detection.

How to reduce the risk of a data breach

No single measure eliminates the risk, but the right combination reduces the chance of the breach and the time to detect it. In the order that protects most:

  1. Protect access: MFA and least privilegeSince the credential is the #1 vector, requiring a second identity check and giving each person only the access they need closes the most-used door.
  2. Endpoint detection and response (EDR)A defense that watches behavior recognizes the attacker's movement and the exfiltration attempt before the data leaves.
  3. Dark web monitoringFinding out that a company credential is for sale lets you rotate it before it is used, reducing the exposure time.
  4. Secure updates and configurationClosing known flaws and reviewing cloud configurations eliminates two of the most common causes, the unpatched flaw and the store left open.
  5. Encryption and isolated backupEncrypted data loses its value if copied, and a backup separated from the network ensures recovery without depending on the attacker.
  6. Incident response planA rehearsed plan shortens the average 241 days of detection and containment, which directly reduces the cost and the reach of the breach.

In practice

The question that reveals the real risk: if one of your company's credentials were for sale on the dark web right now, would anyone find out in time to rotate it, or would the first warning be the breach itself already in progress?

How Zamak protects your company's data

Zamak Technologies protects against breaches by covering the whole chain, not just one point. The defense combines access protection with a second identity check, endpoint detection and response, isolated and immutable backup and dark web monitoring, which warns when a company credential appears for sale, all followed by a security operations center that shortens the time between the incident and the response. That way, the breach is attacked in prevention and in early detection, where the cost is still low. A good starting point is threat intelligence, which monitors your company's exposure beyond the perimeter.

Frequently asked questions about data breaches

What is the difference between a data leak and a data breach?
In practice, the two terms are often used as synonyms. When a distinction is drawn, "breach" emphasizes the intentional attack by someone outside, and "leakage" emphasizes the accidental exposure through error or misconfiguration. In both, the result is the same: confidential data in the hands of those who should not have it.
How do I know if my company has suffered a breach?
It is not always obvious, and that is the dangerous part: companies take, on average, 241 days to notice. Signs include unusual access, credentials appearing for sale on the dark web, customers reporting fraud and alerts from the monitoring center. Continuous monitoring is what reduces that discovery time.
What should I do if I discover a data breach?
Trigger the incident response plan: contain the access, preserve the evidence, assess what was exposed, rotate the affected credentials and meet the legal notification obligations set out in laws like the LGPD or the GDPR. Acting fast and in a coordinated way reduces the cost and the reputational damage.
Do small companies need to worry about breaches?
Yes. Smaller businesses are targeted precisely because they tend to have less protection, and a single breach can be devastating for those with less margin to absorb fines, downtime and lost customers. The size of the company does not reduce the value of the data it holds.
Does a breach always mean we were hacked?
No. Many breaches do not come from a sophisticated attack, but from a mistake: a cloud configuration left public, a file sent to the wrong recipient, poorly controlled access. That is why defense has to cover both the external attack and the internal error.
How do the LGPD and the GDPR relate to breaches?
They are data protection laws, the LGPD in Brazil and the GDPR in Europe, among more than 140 countries with similar rules. They require the company to protect personal data and to notify authorities and affected people in the event of a breach, under penalty of fines that can reach a percentage of revenue. Handling data security is also a compliance obligation.

Related terms

Endpoint and Identity
MFAPAM (privileged access)SSO (single sign-on)
Detection and Response
EDRMDRXDRMITRE ATT&CKSIEMSOC (security operations center)
Network and Access
ZTNAFirewallVPNSASE
Governance and Compliance
LGPDISO 27001SOC 2NIST CSFShadow ITCyber maturity assessmentHIPAAPCI DSSGDPRCMMCCIS ControlsISO 42001 (AI management)NIST AI RMFNIST 800-171FTC SafeguardsISO 27701 (privacy)FedRAMPGRC (governance, risk, compliance)vCIOvCISO
Concepts and Fundamentals
Deep webZero TrustDefense in depthAttack surfaceEndpointLeast privilege
AI and Security
Shadow AIAI governancePrompt injectionOWASP LLM Top 10Deepfake