Security incident and data breach

The terms data breach and security incident have also become commonly used.
Various terms are used to describe the situation following an IT attack or incident: data breach, security incident, vulnerability, etc.

Security incident: defined as any violation or imminent threat of violation of security policies and lawful use of an organization’s technological tools.
Some examples of security incidents are:

  • an organization suffers a malware attack that renders its database unreadable;
  • a file containing malicious code is transmitted through a phishing campaign;
  • an organization’s employee loses the PC used to carry out his or her work.

Personal data breach: a personal data breach is a particular type of security incident involving personal data.
Some examples of personal data breaches are:

  • an organization suffers a malware attack that renders the database containing customer and supplier records unreadable;
  • a file containing malicious code, transmitted as part of a phishing campaign, is opened by an organization’s employee, causing the exfiltration of data relating to the means of payment used by customers;
  • an organization’s employee loses his company PC, which stored documents containing personal data for which the organization is the data controller.

Assessing the severity of the incident and notifying the appropriate authorities