Title: Data breach: analysis, countermeasures and challenges
Authors: Xichen Zhang; Mohammad Mehdi Yadollahi; Sajjad Dadkhah; Haruna Isah; Duc-Phong Le; Ali A. Ghorbani
Addresses: Canadian Institute for Cybersecurity (CIC), Faculty of Computer Science, University of New Brunswick (UNB), Fredericton, NB, Canada ' Canadian Institute for Cybersecurity (CIC), Faculty of Computer Science, University of New Brunswick (UNB), Fredericton, NB, Canada ' Canadian Institute for Cybersecurity (CIC), Faculty of Computer Science, University of New Brunswick (UNB), Fredericton, NB, Canada ' Canadian Institute for Cybersecurity (CIC), Faculty of Computer Science, University of New Brunswick (UNB), Fredericton, NB, Canada ' Canadian Institute for Cybersecurity (CIC), Faculty of Computer Science, University of New Brunswick (UNB), Fredericton, NB, Canada ' Canadian Institute for Cybersecurity (CIC), Faculty of Computer Science, University of New Brunswick (UNB), Fredericton, NB, Canada
Abstract: The increasing use or abuse of online personal data leads to a big data breach challenge for individuals, businesses, and even the government. Due to the scale of online data and the uncertainty of human factors, it is not feasible to build a practical prevention approach for data breach incidents in a real-time manner. In addition, despite the existing research on protecting users' data, a little systematic survey has been published to guide researchers and industrial participants to address the data breach issues. In this paper, we perform a comprehensive review and analysis of typical data breach incidents. We investigate threat actors, security flaws, and vulnerabilities that often lead to data breaches. The paper also includes the consequences of the information disclosures and lessons learned from each incident. Finally, we discuss countermeasures and challenges in preventing potential data breaches.
Keywords: data breaches; data privacy; protection; threat actors; cyber-attacks; countermeasures.
DOI: 10.1504/IJICS.2022.127169
International Journal of Information and Computer Security, 2022 Vol.19 No.3/4, pp.402 - 442
Received: 29 Dec 2021
Accepted: 17 May 2022
Published online: 23 Nov 2022 *