Potential causes of a collaboration platform data breach

Data is the lifeblood of modern organizations. Since data helps teams make better decisions and provide a competitive edge, it’s also a target of bad actors looking to steal sensitive information or launch ransomware attacks.

From software vulnerabilities and weak authentication mechanisms to malware and inadequate access controls, there’s no shortage of ways for hackers to infiltrate networks and gain access to mission-critical data. While organizations can’t necessarily prevent breaches from occurring, they can take proactive steps to reduce the likelihood that attacks are successful.

In this piece, we examine some of the main causes of data breaches, potential penalties organizations face in the event they’re attacked, and some of the strategies enterprises can use to protect against bad actors.

How do data breaches occur in a company?

To protect against data breaches, organizations first need to be familiar with some of the primary reasons they occur in the first place.

Phishing, malware, and social engineering attacks

Cybercriminals commonly use phishing, malware, and social engineering attacks to gain unauthorized access to sensitive data. 

  • Social engineering attacks manipulate individuals into disclosing sensitive information or performing unauthorized actions through psychological manipulation or impersonation tactics (e.g., business email compromise and phishing).   
  • Credential compromise occurs when bad actors gain access to legitimate usernames and passwords and attempt to log in to as many critical systems as possible in search of sensitive information (e.g., financial data or personally identifiable information).
  • Malware — including viruses, trojans, and ransomware — infects systems and compromises data integrity or confidentiality, often through email attachments or malicious websites.

Each of these methods can result in data breaches by stealing sensitive data, compromising user accounts, or providing attackers with unauthorized access to company systems or networks. To mitigate these risks, organizations need to implement robust cybersecurity measures, and they also need to ensure their employees are trained on what to look for.

Exploiting software vulnerabilities

Hackers can also gain unauthorized access to data by exploiting software vulnerabilities. Vulnerabilities in software — like operating systems, applications, and web servers — can be exploited through various means, including code injection attacks, privilege escalation, and cross-site scripting.

Once a vulnerability is successfully exploited, attackers can install malware, steal sensitive information, and manipulate systems for malicious purposes. Data breaches resulting from software vulnerabilities can have severe consequences — including financial losses, reputational damage, legal liabilities, and loss of customer trust. 

To mitigate these risks, organizations need to regularly patch and update the software they use. They should also always be on the lookout for vulnerabilities and implement proactive security measures to identify and remediate vulnerabilities before attacks can exploit them.

Weak authentication

Organizations lacking robust authentication mechanisms — like those with lenient password policies, a lack of multi-factor authentication, or insufficient security controls — can suffer data breaches by allowing unauthorized individuals to access sensitive systems or data. 

For example, bad actors might launch brute force attacks where they try to guess a user’s credentials to gain access to an account and steal data from there. Weak authentication can also enable hackers to facilitate credential-stuffing attacks where they use compromised credentials to gain access to other systems.

To protect against these outcomes, organizations should implement robust authentication measures like relying on single sign-on (SSO) solutions, strong password policies, and MFA.
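To make the difference between the two attack patterns above concrete from the defender's side, here is an added detection sketch (not part of the original article) that classifies failed-login sources as brute force or credential stuffing and lists accounts that logged in successfully from a flagged source. The event tuple format, thresholds, IP addresses, and usernames are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding window
BRUTE_FORCE_FAILS = 5           # assumed: failures against ONE account from one source
STUFFING_ACCOUNTS = 5           # assumed: DISTINCT accounts failing from one source

def _t(sec):
    return (datetime(2024, 1, 1, 9, 0, 0) + timedelta(seconds=sec)).isoformat()

# Constructed sample events: (timestamp, source IP, username, login succeeded?)
SAMPLE_EVENTS = (
    [(_t(10 * i), "203.0.113.10", "alice", False) for i in range(6)]
    + [(_t(20 * i), "198.51.100.7", f"user{i}", False) for i in range(6)]
    + [(_t(130), "198.51.100.7", "bob", True)]
    + [(_t(5), "192.0.2.44", "carol", False),
       (_t(15), "192.0.2.44", "carol", False),
       (_t(30), "192.0.2.44", "carol", True)]   # ordinary typo, then success
)

def classify_sources(events, window=WINDOW):
    """Return {ip: {"pattern": ..., "accounts_to_reset": [...]}} for noisy sources."""
    fails, successes = defaultdict(list), defaultdict(set)
    for ts, ip, user, ok in events:
        if ok:
            successes[ip].add(user)
        else:
            fails[ip].append((datetime.fromisoformat(ts), user))

    findings = {}
    for ip, attempts in fails.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Shrink the window until it spans at most `window` of time.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = [u for _, u in attempts[start:end + 1]]
            pattern = None
            if len(set(users)) >= STUFFING_ACCOUNTS:
                pattern = "credential-stuffing"   # many accounts, few tries each
            elif max(users.count(u) for u in set(users)) >= BRUTE_FORCE_FAILS:
                pattern = "brute-force"           # one account, many guesses
            if pattern:
                # A success from a flagged source means a credential worked.
                findings[ip] = {"pattern": pattern,
                                "accounts_to_reset": sorted(successes[ip])}
                break
    return findings

if __name__ == "__main__":
    for ip, finding in classify_sources(SAMPLE_EVENTS).items():
        print(ip, finding)
```

The `accounts_to_reset` list is the part that feeds containment: those accounts authenticated from a source that was otherwise spraying failures, so their credentials should be treated as compromised.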

Lacking visibility into SaaS tools

Today, the average organization relies on 250 different applications. When companies use SaaS services, they often lack visibility into user activities and potential security threats, making it difficult to detect and respond to unauthorized access or data breaches in a timely manner. Without visibility, organizations struggle to monitor user interactions, identify abnormal behavior, or enforce security policies effectively, increasing the risk of data exposure. 

By self-hosting tools, organizations can protect against breaches of SaaS vendors by gaining greater control and visibility into their data and infrastructure. When those tools are open source, organizations also gain access to source code, which they can review and scan with their internal security tooling. By hosting open source tools on-premises or in a private cloud, organizations can implement robust security measures — like encryption, access controls, and network monitoring tools — to protect sensitive data. Instead of being forced to abide by the security mechanisms a SaaS vendor chooses, self-hosting enables organizations to tailor security configurations to their specific requirements, maintaining oversight over their data. This control comes at the cost of the resources needed to maintain that infrastructure, but it can be worth it for customers that work with highly regulated or sensitive data day to day.

Physical security breaches

Bad actors can also breach networks in the event they’re able to gain access to data centers or physical devices an employee might leave behind on a train or at a restaurant. 

For example, the theft or loss of laptops and smartphones could result in the compromise of sensitive information if those devices aren’t adequately protected. Additionally, unauthorized access to data centers, server rooms, or offices can allow attackers to tamper with hardware, install malicious software, and steal physical assets containing sensitive data.

By exploiting physical security weaknesses, attackers can gain access to sensitive data and compromise its confidentiality, integrity, or availability — leading to a number of negative outcomes for victim organizations. 

Why are there still so many data breaches?

Despite companies investing in cybersecurity, data breaches are still quite common for myriad reasons. 

For starters, cybercriminals are always evolving their tactics and looking for new vulnerabilities to exploit. With IT environments becoming increasingly complex — and organizations often using several cloud services and a number of third-party integrations — the attack surface continues to grow. Additionally, many organizations still rely on legacy systems with known vulnerabilities and resource constraints, which also hinder effective cybersecurity efforts. Making matters worse, phishing attacks are becoming increasingly sophisticated and pervasive.

To mitigate these risks, organizations must adopt a multi-layered approach to cybersecurity, encompassing technology solutions, employee training, risk assessments, and proactive threat detection and response.

How are companies held accountable for data breaches?

Organizations that find themselves on the wrong end of a data breach face several suboptimal outcomes.

Financial consequences

Data breaches can set organizations back a lot of money. According to IBM’s 2023 Cost of a Data Breach Report, the average data breach costs $4.45 million. When an enterprise is attacked, it incurs costs associated with incident response and resolution; in some cases, the organization may also face regulatory fines and legal fees and may have to pay out affected individuals.

Operational disruption

Data breaches can also disrupt day-to-day business operations, leading to downtime, loss of productivity, and damage to critical infrastructure or systems. Costs associated with remediation, recovery, and business continuity measures can further impact the company’s financial performance and operational efficiency. If a breach renders critical systems unavailable, organizations can also miss out on revenue-generating opportunities, compounding the matter further.

Reputational harm

Data breaches can result in significant reputational damage, eroding customer trust and confidence in the company’s ability to protect their personal information. Negative publicity and media coverage surrounding a breach can tarnish the company’s brand image and adversely impact customer loyalty and sales. Just ask LastPass.

Depending on the circumstances of the breach, organizations may face lawsuits from affected individuals, shareholders, or regulatory bodies seeking damages. Legal liability can arise from negligence in implementing adequate security measures, failure to comply with data protection laws, or breach of contractual obligations regarding data security.

At the same time, regulatory authorities — like data protection agencies and industry regulators like the SEC and FTC — may impose fines or sanctions on companies for violations of data protection laws. For example, under the General Data Protection Regulation (GDPR), companies can face fines as high as €20 million or 4% of annual global turnover, whichever is greater, for non-compliance.

Biggest breaches of the 21st century

According to a report from Harvard Business Review, there were twice as many victims of cybercrime in 2023 as there were the previous year. While hackers are no doubt interested in targeting organizations that have deep pockets, small to medium-sized businesses (SMBs) are not immune; in fact, one report found that 43% of all cyberattacks target small businesses. So, whether you’re a massive organization or a small startup, hackers will view you as a target — and you’ll need to prepare.

To give you a better idea of just how devastating cyberattacks can be, let’s examine some high-profile breaches that have occurred in recent years.

Yahoo

In 2013, hackers infiltrated Yahoo’s networks, stealing personally identifiable information (PII) and login credentials for some 3 billion users. While Verizon ultimately purchased Yahoo for nearly $4.5 billion following this attack, the telecom giant shaved $350 million from its offer in the aftermath of the breach.

Equifax

In 2017, bad actors breached Equifax’s systems, making off with PII relating to hundreds of millions of users. It turned out that Equifax hadn’t patched a widely known vulnerability, which cybercriminals then exploited. Once inside the credit reporting company’s networks, the bad actors hopped from server to server and ultimately found usernames and passwords in plaintext. The attackers then stole encrypted data and were able to make sense of it after Equifax failed to renew an encryption certificate. Ultimately, the company spent $1.4 billion responding to the incident, and the FTC required the company to shell out an additional $1.38 billion.

Target

In 2013, mega-retailer Target was attacked, and cybercriminals made off with credit card data belonging to some 40 million shoppers after gaining access to critical systems via credentials they stole from a third-party vendor. When the dust settled, Target paid out more than $200 million to settle claims and absorb legal fees. That number would have likely been much higher but the company had wisely secured a cyber insurance policy.

How can companies protect themselves from data breaches?

While hackers’ tactics are always evolving, organizations can take several proactive actions to protect their systems against data breaches and reduce the likelihood they are impacted.

Implement robust security measures

By deploying comprehensive cybersecurity solutions — like firewalls, antivirus software, intrusion detection systems, and encryption — you can safeguard networks, systems, and data from unauthorized access or exploitation. Consider deploying an out-of-band communications solution to coordinate responses in the event your main communications channels are compromised.

Educate and train employees

To ensure your team keeps current with the evolving threat landscape, conduct regular cybersecurity awareness training sessions to educate employees about common threats, like phishing attacks, social engineering attacks, and malware. While you’re at it, promote best practices for password security, data handling, and incident reporting.

Enforce access controls 

By implementing strong access controls and least privilege principles, you can restrict access to sensitive data and systems based on users’ roles, responsibilities, and authorization levels. Regularly reviewing and updating access permissions can also help prevent unauthorized access or misuse of data.

Regularly update software and patch vulnerabilities

Since hackers often gain access to systems by exploiting vulnerabilities, be sure to keep software applications, operating systems, and firmware up to date with the latest security patches and updates to address known vulnerabilities and reduce the risk of exploitation by cyber attackers.

Conduct regular security audits 

By performing regular security audits, vulnerability assessments, and penetration tests, you can identify and remediate security weaknesses, gaps, and vulnerabilities in systems, networks, and applications before hackers do. By implementing proactive risk management practices, you can also mitigate emerging threats and protect against data breaches effectively.

What do I do before and after a cybersecurity breach?

As Miguel de Cervantes once wrote, being prepared is half the battle. So, before a data breach occurs, it’s important to develop an incident response plan outlining roles, responsibilities, and communication channels. Conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential weaknesses in systems and networks. This will reduce the likelihood of a successful breach.

Additionally, you’ll also want to train your team about cybersecurity best practices, including phishing awareness, password security, and incident reporting procedures. Ensure that all staff members are familiar with your incident response plan and their roles in the event a breach occurs. 

On top of this, implement robust monitoring and detection systems to identify and alert on suspicious activities, anomalies, or potential security breaches in real time. By continuously monitoring network traffic, system logs, and user activity for signs of unauthorized access or malicious behavior, you can identify a breach right away, mitigating its potential impact.

Even with flawless preparation, hackers can still breach your systems. Should that happen, swift and coordinated action is essential for minimizing damage and mitigating further risks. In the event you notice your systems have been breached, here are some steps to follow:

  • Containment. Immediately isolate affected systems, networks, or compromised accounts to prevent further unauthorized access or data exfiltration. Disable compromised credentials and limit access to critical resources.
  • Response. Activate the incident response team and follow the established procedures outlined in the incident response plan. Assess the scope and impact of the breach, gather evidence, and initiate remediation efforts to restore systems and data integrity.
  • Communication. Notify relevant stakeholders — including internal teams, senior management, customers, regulatory authorities, cyber insurance providers, and law enforcement — about the breach and its impact. Provide timely and transparent communication about the incident, mitigation efforts, and steps taken to protect affected individuals’ data.
  • Investigation. Conduct a thorough investigation to determine the root cause of the breach, identify vulnerabilities or gaps in security controls, and implement corrective actions to prevent future incidents. Preserve evidence for forensic analysis and potential legal proceedings.
  • Recovery and remediation. Restore affected systems and data from backups, if available, and implement additional security measures to prevent similar breaches in the future. Monitor your systems for any residual threats or ongoing malicious activity, and take appropriate actions to address them.
  • Review lessons learned. Last but not least, schedule a retrospective to evaluate the effectiveness of the response efforts, identify areas for improvement, and update incident response plans and security protocols accordingly. Document lessons learned from the breach, and share insights with relevant stakeholders to enhance cybersecurity resilience and preparedness for future incidents. 

Learn more about how to protect against data breaches!

To protect customers, maintain compliance, and preserve their reputation and bottom line, organizations need to do everything they can to secure systems and prevent bad actors from breaching their networks.

By prioritizing cybersecurity investments and educating employees regularly, organizations can go on the offense and increase the chances they stop hackers in their tracks.


With a background in security consulting and engineering, Daniel now leads the Security organization at Mattermost to provide secure collaboration solutions for organizations worldwide.