Data breaches and information leaks are a growing concern for companies of all sizes. With the increasing amount of sensitive information being stored and shared digitally, it is essential for organizations to understand the various types of leaks that can occur and the impact they can have on their business.
In this article we explain how different leaks happen and what are the motivations behind them. We also share some examples of business information leaks collected during our study “Risks, Costs and Consequences of Visual Content Leaks”.
⇥ QUICK READ
What motivates leakers?
There are a variety of reasons why someone might leak sensitive business information. These motivations can be categorized by whether they are intentional or unintentional, internal or external.
Hackers and professional leakers
These leakers voluntarily seek for sensitive information to be revealed. Some may be motivated by financial gain, such as through the sale of stolen information or through ransom demands. Others may be motivated by a desire for fame or recognition, and may leak information or hack into systems to gain public attention. Some hackers may also be motivated by a desire to test their skills or to expose vulnerabilities in systems.
Professional leakers are a major cybersecurity threat, as they patiently track down all the flaws and vulnerabilities in information systems to gain access to sensitive information. In the worst cases, these attacks can completely shut down business operations.
There was an incident when the hackers took advantage of a third-party tool we employed for customer segmentation and cultural understanding due to which our majority of critical information was exposed.
– Director of a UK Public relations agency
Another type of intentional leak is in-house staff revealing confidential information for a personal gain. Unhappy team members can reveal information as a way of retaliating against the organization or to call attention to issues with a company’s actions and policies. Some people might also share information with the media or other parties in order to influence public opinion or decision-making. Additionally, staff members can sometimes be persuaded by professional leakers who offer significant rewards if given access to sensitive information.
Our company had a board member who was incapable of keeping his mouth shut. If there was a discussion about new products or a new capability, I would almost inevitably get a random call from a reporter a few days after the board meeting asking about it.
– PR Manager of a UK Entertainment company
Unintentional leaks are the accidental leaks that happen when people share confidential information through an act of negligence, or without being aware of the sensitive nature of the information. In these cases, there is no intention to harm the brand.
These leaks are characterized by human error, and include situations such as employees accidentally sharing sensitive information through email, leaving sensitive material or unsecured devices in a public space, being victim of phishing scams or third party contractors inadvertently leaking confidential information.
We had a loss of data due to employee negligence as multiple highly important client documents were transferred to the wrong recipient outside of our organization which resulted in strained client relations. Moving forward we have limited the control of data sharing to the management level to control data breach.
– Chief Operating Officer of a US Public relations agency
Enthusiastic fans sometimes leak information about a brand on social media, blogs and forums. These leaks often are accidental in the sense that fans don’t realize the information shared was supposed to be kept secret. In these situations the over-keen fans have no intention of harming the brand.
However, these leaks can damage brands when information about a new product or an event are shared before their official reveal, and then spread to online marketplaces, leak sites and media.
Motivations for leaking sensitive material
What information is leaked?
Another way of categorizing leaks is based on what business information is shared. Different types of leaks have different impacts on brands, although most are negative.
These leaks often concern customer data, such as names, addresses, phone numbers, and credit card information. They can also include information about employees.
Personal information leaks are harmful to businesses because they damage brand’s reputation, make customers lose trust and have a negative impact on sales.
We recently faced a data breach which leaked all our clients’ IP addresses. It was a huge reputational as well as monetary loss for us. Ever since we have all our operational systems up to date and enhanced system security.
– CISO of a US Public relations agency
Confidential information leaks refer to the unauthorized release of sensitive information that is not intended for public consumption. This information can include trade secrets, financial data, research and development plans, marketing strategies and other types of proprietary information that companies consider valuable and are typically protected by legal and ethical means.
Confidential information leaks can cause significant harm to brands, including damage to reputation, loss of customers, legal and regulatory fines, loss of revenue and difficulty in finding new partners, among others.
We recently experienced a data breach that exposed all of our vendors' financial information. For us, it was a big reputational and monetary setback. We upgraded our security and strengthened our technical operations in the aftermath of that occurrence.
– CEO of a US Automotive company
These leaks refer to the unauthorized release of information and content related to a company's intellectual property, such as patents, trademarks, copyrights, trade secrets, and other proprietary information that gives a business a competitive edge.
One often ignored sensitive content are brands’ digital assets. Indeed, not many brands realize that their product visuals have a strategic value, and leaks before the official launch can have devastating consequences for brands.
We discovered raw data from the advertisement we were working on was released on a website, and we terminated the vendor. We also created tight regulations against such actions, such as penalizing third parties if data leaks occur on their end.
– CEO of a Swiss Advertising agency
Overall, intellectual property leaks can cause significant harm to brands, such as bad press, costly marketing campaigns being spoiled, legal and contractual issues, fall in sales and counterfeiting.
How is the information leaked?
Business information leaks can occur in various ways and pose a significant threat to companies. Here are some common ways in which business information is leaked:
During cybersecurity incidents an attacker gains unauthorized access to a computer system, network, or data. These breaches can take many forms, including hacking, phishing, malware, ransomware, Denial of Service or even psychological manipulation.
A hacker gained access to our servers and pulled out customer information and some confidential documents, which was both monetary and reputational loss to us. We discover the leak a few months later and must alter several of our plans. Finally, we strengthened our security system and filled all possible gaps on the server.
– COO of a UK Automotive company
These breaches can result in the loss or theft of sensitive information, financial loss, damage to reputation, and legal and regulatory fines. It's important for companies to have robust security protocols in place to prevent cyber breaches, as well as incident response plans in place to minimize the damage if a breach does occur.
Insider leaks refer to the unauthorized release of confidential information by someone who has access to it through their employment or other association with an organization. They can be committed by a variety of individuals within an organization, including employees, contractors, consultants, and vendors.
These leaks often reveal financial data, strategic plans, product developments, or other sensitive information that, if made public, could impact the organization's reputation, stock price, or competitive position. Insider leaks have significant consequences for the organization and the individual responsible for the leak.
A former employee had previously leaked sensitive data to another company that works in the same domain. Remedial actions were promptly taken to close the leakage channel and for prevention purposes, the common database of documents and information are now increasingly secured and monitored.
– CRO of a US Consumer electronics company
Media leaks reveal confidential information on television, newspapers or online news outlets. In contrast to insider leaks, media leaks can be made by anyone, even individuals who are not connected to the organization involved. Media leaks often aim to expose unethical behavior or influence public opinion. Some media outlets also specialize in uncovering and revealing new products before their official release.
We received a massive round of funding from a very high-profile investor. This was going to be a major media push for us as it was a huge endorsement of our business model by one of the most influential people in the industry. We had only just started to work on the press release, when I got a call from a business reporter wanting to break the story. It turned out that it was a board member who had leaked the story to boost their own profile.
– PR Manager of a UK Entertainment company
It is important for brands to understand these risks and take steps to prevent business information leaks. This can include implementing strong security measures, training employees on security awareness, setting up a leak prevention solution and having a plan in place for responding to data breaches and leaks.
Ready to learn more about protecting your digital assets against leaks? Download our ebook “Branded Content Protection”!
Note : The cases quoted in this article are real testimonies collected during a study carried out by IMATAG : RISKS, COSTS AND CONSEQUENCES OF VISUAL CONTENT LEAKS (download the executive summary here).