Data breach
An incident in which unauthorised parties gain access to confidential data — typically including email addresses, passwords, payment details, or personal information — held by a company or organisation.
Also known as: security breach, data leak
Last reviewed: 1 June 2026
A data breach occurs when security controls fail and protected data is exposed to people who shouldn't have it. Breaches can result from external hacking, insider theft, misconfigured cloud storage, or lost and stolen devices. The exposed data often ends up for sale on criminal marketplaces or the dark web.
For individuals, the consequences include credential stuffing attacks (if passwords were leaked), identity theft (if sensitive personal data was exposed), and targeted phishing using the leaked information. Large breaches may expose full names, dates of birth, addresses, national insurance or social security numbers, and financial account details.
Checking services like Have I Been Pwned (haveibeenpwned.com) let you see whether your email address has appeared in known breaches. After a confirmed breach, changing passwords and enabling 2FA on affected services is the minimum response.