What is a data breach?
A data breach involves access to personal data while this is not permitted or the intention. This is caused by a breach of the security of these data. The unwanted destruction, loss, alteration or provision of personal data due to such a breach also fall under the definition of a data breach.
Is there a data breach in your own organisation? Or have you identified a data breach somewhere else in your environment and do you want to give the Dutch DPA a tip-off about it?
Directly reporting a data breach or giving a data breach tip-off
On this page
Examples of a data breach
A data breach is, for example:
- personal data that have been sent to a wrong addressee;
- access to a medical file by an unauthorised employee;
- the loss of a USB stick with unencrypted personal data;
- a cyberattack during which personal data have been stolen;
- an infection with ransomware as a result of which personal data have been made inaccessible.
Also see: Data breach caused by ransomware and Data breach caused by phishing.
Types of data breaches
There are 3 types of data breaches:
- Confidentiality breach: personal data have been published or accessed. This was done by someone who is not authorised to do so. Or this happened by accident.
- Integrity breach: personal data have been altered by someone who is not authorised to do so. Or this happened by accident.
- Availability breach: the organisation affected by the data breach can no longer access the data. Or the data have been destroyed. This was done by someone who is not authorised to do so. Or this happened by accident.
Depending on the circumstances, a data breach may fall in more than one of these categories.