The terms data breach and security incident have become commonly used.
Various terms are used to describe the situation following an IT attack or incident: data breach, security incident, vulnerability, etc.
Security incident: any violation, or imminent threat of violation, of security policies and lawful use of an organization’s technological tools.
Some examples of security incidents are:
- an organization suffers a malware attack that renders its database unreadable;
- a file containing malicious code is transmitted through a phishing campaign;
- an organization’s employee loses the PC used to carry out his or her work.
Personal data breach: a particular type of security incident involving personal data.
Some examples of personal data breaches are:
- an organization suffers a malware attack that renders the database containing customer and supplier records unreadable;
- a file containing malicious code, transmitted as part of a phishing campaign, is opened by an organization’s employee, causing the exfiltration of data relating to the means of payment used by customers;
- an organization’s employee loses his or her company PC, on which documents were stored containing personal data for which the organization is the data controller.