
Common Causes of Data Breaches


Data breaches are a common occurrence across a wide range of industries. Countless organisations have been caught out, particularly in recent years, leading to the exposure of highly sensitive personal information.

There are many potential causes of data breaches, some of which are much more straightforward than many people initially assume. While cybercriminals are certainly capable of conducting sophisticated attacks, common causes of data breaches often centre around basic human error.


While we hope you will find this article helpful, we are also very happy to answer any questions you have directly. To speak to a member of our team about data breaches and their potential causes, you can fill in our secure online claim form or give us a call on 0330 041 5135.

What is a data breach?

To summarise, a data breach refers to any incident where personal data is accessed, viewed or shared by an unauthorised party. As mentioned above, this could be due to criminal activity, or an avoidable mistake by an organisation or individual working within an organisation.

Organisations have an obligation to handle data in a secure manner. Failing to do so could mean that any individuals who have been affected by the breach will be in a position to make a claim for compensation.

What are the most common causes of data breaches?

There are various different types of data breaches, with common causes including:

  • Lost or stolen devices
  • Backdoor vulnerabilities
  • Phishing
  • Malware and ransomware
  • Unencrypted data
  • Distributed denial of service (DDoS)
  • User error

Lost or stolen devices

A breach of data security can easily take place where a device that contains sensitive information is lost or stolen. A mistake as simple as leaving a laptop or work mobile on a train can have major consequences, especially if that device can be easily accessed.

Backdoor vulnerabilities

Certain pieces of software or applications can be easily exploited by anyone with the right skills. These backdoor vulnerabilities can provide an easy route through to highly sensitive data for cybercriminals.


Phishing

Phishing is a common tactic used to extract sensitive data. Criminals use information they already have access to (potentially from a previous data breach) in an attempt to access even further data that could be more valuable to them. For example, someone carrying out a phishing scam could pose as a legitimate business and send a link to a false website where any credentials entered can be stolen.

Malware or ransomware

Malicious software (malware) can be designed to harm or exploit any type of programmable device. Once uploaded, cybercriminals can use it to extract data, which they can then use as leverage over their victims, usually for financial gain. Where they hold a business to ‘ransom’ over this data, the term ransomware is used.

Unencrypted data

If data is unencrypted, cybercriminals may be able to intercept and access said data. It’s important that organisations enable end-to-end encryption to help keep data secure if it is ever to fall into the wrong hands.

Distributed denial of service (DDoS)

DDoS attacks can be carried out to create a diversion that security administrators are forced to deal with. While this is ongoing, cybercriminals use the distraction in an attempt to access sensitive data.

Human error

No matter how secure an organisation’s systems may be, there is always the risk that human error can undermine them. It is alarmingly common for emails to be sent to the wrong recipients, or incorrect files to be uploaded online, which can expose personal data that was not intended to be shared.

How can organisations improve password security?

Weak passwords that can be easily stolen are an issue that many organisations need to overcome, especially as they are a common cause of a breach of data security. There are various steps that can be taken to deal with this issue, such as:

  • Setting up a workplace password policy
  • Creating passwords for employees rather than allowing them to create their own
  • Setting up two-factor authentication
  • Applying password encryption
  • Regularly updating password details
    • This is especially important if any unauthorised login attempts have been recognised

How can employees identify phishing attempts?

Phishing attempts have grown increasingly complex, which can make them hard to identify at first glance. This is especially true if you aren’t aware of how they may appear or what the potential consequences of a company data breach could be.

Things for employees to look out for when it comes to phishing attempts include:

  • Spelling mistakes
  • Generic greetings
  • Mismatched email domains
  • Suspicious links or attachments
  • First-time senders
  • Urgent calls to action
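Several of the indicators listed above can be checked automatically before a message reaches an inbox. The following is an added example, not part of the original article: a heuristic Python check for five of them (spelling and attachment checks are left out). The sample message, its domains and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = """\
From: "Example Bank Support" <support@example-bank.test>
Reply-To: billing@mailer.invalid
To: staff@example.org
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<p>Dear customer,</p>
<p>Your account will be suspended.
<a href="http://login.mailer.invalid/verify">https://www.example-bank.test/login</a></p>
"""

GENERIC = re.compile(r"\bdear (customer|user|sir|madam|client|account holder)\b", re.I)
URGENT = re.compile(r"\b(urgent|immediately|within \d+ hours?|suspended|final notice)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def addr_domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw, known_senders=frozenset()):
    """Return the sorted names of the indicators found in a single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumption: message is not multipart
    found = set()
    if parseaddr(msg.get("From", ""))[1].lower() not in known_senders:
        found.add("first_time_sender")
    reply_to = msg.get("Reply-To")
    # Exact-domain comparison; a production check would compare registrable
    # domains (Public Suffix List) to avoid flagging legitimate subdomains.
    if reply_to and addr_domain(reply_to) != addr_domain(msg.get("From")):
        found.add("mismatched_email_domain")
    if GENERIC.search(body):
        found.add("generic_greeting")
    if URGENT.search(f"{msg.get('Subject', '')}\n{body}"):
        found.add("urgent_call_to_action")
    for href, label in LINK.findall(body):
        shown = urlparse(label.strip()).hostname  # None unless the text is a URL
        if shown and shown != urlparse(href).hostname:
            found.add("suspicious_link")  # visible URL differs from real target
    return sorted(found)
```

A result with several indicators is a reason to quarantine or flag the message for review, not proof of phishing on its own.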

Why is it important to regularly update software?

Regularly updating software is an essential security measure that all organisations handling personal data need to take. Failing to do so could mean that security flaws can be exploited, which could significantly increase the chances of a data breach taking place.

What should you do if your data has been breached?

If you have been informed that your personal data has been breached, it is important that you take the necessary steps to protect yourself. This will typically include changing the passwords to your personal accounts, creating a security alert for your credit reports, or enabling a security freeze.

If an organisation is responsible for breaching your data, you may be in a position to make a claim for compensation. This is regardless of the actual cause of the data breach.

To have your case reviewed and to find out whether you will be able to make a data breach compensation claim, it is strongly advised that you speak to a specialist solicitor. This is where the team at Hayes Connor can step in to lend their support.

How Hayes Connor can help

If your data has been breached, our solicitors may be able to support you to make a data breach compensation claim. We can act for clients on a no win, no fee basis, removing the financial risk of pursuing the claim.

At Hayes Connor, we are one of the largest teams of data breach claims specialists in the country, with decades of combined experience in securing compensation for victims of data breaches. We can advise you on whether you are likely to have grounds for a claim, the level of compensation you may be entitled to and what steps you need to take to start a claim.

Our goal is to ensure that anyone who is affected by a data breach is able to get the compensation they deserve, while making the claims process as simple and stress-free as possible.

You can find out more about our expertise and how we handle data breach claims here.

To start a claim, you can use our online claim form and we will get back to you shortly to let you know if we believe you have grounds for compensation.

If you would like to speak to a member of our team, please do not hesitate to give us a call on 0330 041 5137.