Data Breach


Research question: What is the impact of data breach and the effect it has on consumer?

Don't use plagiarized sources. Get Your Custom Essay on
Data Breach
Get a plagiarism free paperJust from $13/Page
Order Essay


Thesis: Data breach impact on consumer because businesses are not well prepared to respond to data breach attack.



Table of Contents

ABSTRACT……………………………………………………………………………………………………………………………. 1


IMPACT ON CONSUMER………………………………………………………………………………………………………5


Reference. 16











Data breach is currently a modern-day challenge. Data breach is the intentional or unintentional of accessing data, disclosing or manipulating data.Many organizations including the federal government have been a victim of data breaches. Data breach does not affect the organization, it also affects the people who are affected by it. Studies show that millions of Americans have been part of some type data breach. Organizations that have been affected by data breach has to deal with the aftermath of that breach.

In most cases, organization has to pay monetary damages to the consumers. Often time they lost investors, shareholder, or public trust. Some organizations have indicated that they do not have any protocol in place to fight cybersecurity prior to data breach happens. The fallout of mismanagement of data has caused financial burden on the consumers. Some of the main concern for most consumers, is identity theft.

Data breach involved consumer personal identifiable information such as name, date of birth, Social Security number, address, mother’s maiden last name, place of birth and more. With these critical information hackers can cause damages to person finance which can take years to resolve. In order, for victim to file any lawsuit or class action, they have to be able to prove that the business/organization is the cause of their identity theft or any issues that arise because data breach. this paper outlines some of the key components’ organization can take before a security incident happens.




Cybercrime and cyberattack are amongst the major risks to the economic system and business steadiness today, particularly as the world becomes more digital. With the internet continue to grow globally, the opportunities for cybercriminal have also grown. Cybercriminals can attack financial services, retail, hospital and more. Most of the cyberthreats are the sources of malware, spam, and phishing, (Davidoff, 2019)-book.

The main cause of data breach has been an extreme issue for the federal government and corporate America. Federal agencies collect personal information and store it on their database. Corporate America collects personal information from the public and store the data in their database. That information can easily be distributed, if not secure. Several corporate companies and federal agencies have been victimized by cybercrimes and cyberattacks. In 2017, 144.5 million Equifax users were left digitally vulnerable due to data breach. after the data breach, the company did not properly provide ongoing communication or information about the attack. Based on study that was done after the Equifax data breach, Equifax users were frustrated and outraged about the security violations, (Novak & Vilceanu, 2019)- peer-review. OPM is a federal government agency that also have been a victim of cybersecurity attack, not once, but twice. 21.5 million federal employee background information and 5.6 million fingerprints were stolen, (Gootman, 2016)-peer review

In 2015, Anthem, a health insurer and health plan administrator, was part of data breach, which involve 80 million individual’s information. FTC report concluded that in 2015, the security equipment was less sophisticated and make it harder to identify security risk. FTC concluded that router had proven to be vulnerable to “botnet malware and increase concern about that vulnerability can be exploited- (Riga, 2017)- peer.

The step business can take to prevent data breach and protect their consumer private identifiable information:

According to Fowler, data breach has become a daily discussion everywhere, including the boardroom or the lunchroom. Fowler define data breach as security occurrence that contain the intentional or unintentional access, disclosure, manipulation or destruction of data. If the incident is not properly managed, it can later result in lawsuit, fines, or cause reputational damage to any organization.  Ever since cybersecurity has deemed a technology concern, Breach Management has created a response team that focus solely on breach response.  Fowler identify twelve phases by the breach response team. These phases are as follow:(Fowler, 2016)- BOOK

  • Preparedness: during this phase, organization identify sensitive information, implement cyber defenses and detection capabilities, and to develop and test a Computer Security Incident Response (CSIR) Plan to manage an incident.
  • Detection: it is the moment that an organization has been alerted of a security issue. Once the issue has been discovered, the organization implement the CSIR Plan. Following these steps prevent organization from mishandling a security issue.
  • Invoking the Computer Security Incident Response Team: during this phase, team members including stakeholder, who assigned to handle the security incident gather together and also discuss whether external personnel should be involved.
  • Qualification: Verify the legitimacy of the incident. Organization should be able to identify the source, details, and determine why the incident occur.
  • Engaging third parties: third parties can be legal counsel, public relations firms, forensics response providers. Before bringing in third party, the organization has to have everything else in place to provide to the third party.
  • Breach Investigation: The observing, gathering, protection, and examination of electronic or digital evidence in an effort to verify the incidence, extent and timeframe associated with an incident.
  • Containment: Reducing the spread, reoccurrence, and scope of the unauthorized access within an organization. This often involving eliminating compromised systems from the network or shutting down cooperated web applications.
  • Notification and injury management: Detecting and informing affected victims, regulators and other about the Breach as applicable. Classifying regulatory, legislative, contract, and industry good practices assist in controlling the requisite.
  • Recovery: Reestablishing trust to a currently untrusted host or environment. This may involve upgrading systems and networks holding compromised hosts or reinstating damaged data from backup.
  • Environment validation & business resumption: Revising and confirming the successful revival of the environment is a critical step in comforting internal staff, external stakeholders, and the industry as a whole that your organization has absorbed and developed from the past Breach and is ready to restart trusted business operations.
  • Postmortem: Mirroring on the attentiveness, discovering, and controlling of the incident to label what worked well and what demands focus to lessen the probability of a repeat incident and identifying recommendations to expand the capability to notice and manage future incidents.
  • Post-Breach activities: handling Breach connected activities which apparent after the incident has been closed. These activities typically include lawsuits by impacted organizational shareholders, clients, and partners.

With that being said, Fowler lay a well-plan for organization who has been compromised by data breach or has been affected by data breach. according to Fowler, if organization’s follow these CSIR phases, organizations should be able to detect data breach and manage it accordingly. So, the question remains, why organization like Uber, Facebook, Bank of America, OPM, have been a victim of data breach on numerous occasions.

Business should have a communication plan to ensure that their consumer receive proper communication after a data breach.

The most important part of data breach is crisis communication. In accordance with Coleman, as part of crisis communication, people were not being considered. Organization spent time establishing plan, process, or procedures, but fail to recognize the impact it has on the people. Coleman focuses on crisis communication, and the impact it has on people who are internal and external of the organization. “The most important starting point is to have a clear crisis communication plan that can be understood by the communication professional and everyone else working in or supporting the business’s crisis response” (Coleman, 2020)- book. During a data breach, Coleman highlights a communication plan to better serve the organization to response accordingly:

  • Purpose of the plan- this step outlines the responsibilities that business or organization has in place to respond to a crisis. The communication plan can be attached to a business crisis or emergency response manual.
  • Approach- outside of the organization vision, mission and philosophy, the organization should consider the people opinion about the organization.
  • Communication-in this step, organization sketch the precedence for the communication reaction through the stages of a crisis, from identifying the issue or incident and the first phases of the crisis, evolving the response, re-establishing the status quo and finally the move to recovery.
  • Structure of the response-roles and responsibilities,
  • Scenarios and key messages- once the organization develop key points on how to response to cyber-attack, the organization can provide a helpline number. This helpline answer questions about the incident and that the incident is being addressed and managed within the organization.
  • Priority channels-the policies that already exist will provide understanding of where the business’s priority audiences get their communication and where they will go to for updates in the instant a crisis emerges.
  • Stakeholder engagement- Communication to those groups like shareholders, investors, regulators, or partner agencies is important. The communication can build trust and confidence in the business and demonstrate that the business has the crisis under control and in turn it can create longer lasting relationship.
  • Resourcing- Business first identify the resource they need and where the resource will come from. To be successful in responding to a crisis, it will take time, effort and care which requires to have all resources in place.
  • Reviewing and evaluation- Both review and evaluation are different to the media monitoring that is required throughout the crisis. Media monitoring is about understanding what is being said on social media and in the traditional media so that inaccuracies can be corrected, and the messaging activity can be refined. Evaluating the crisis communication plan is about a longer-term understanding of the organization’s reputation and trust and confidence in the business.

The impact data breach has consumer, and the litigation action consumer can take the business after data breach.

Based on a survey done by Ablon,et al., in 2016 64 million adults in the United States, have received some types of breach notification in the past twelve months.  Based on the information gather by the surveyors, only 44 percent of those individuals were aware of the breach prior to being notify by the organization.  56 percent of those who complete the survey mention that they were aware of the notification when they were notified of the breach.  According to Ablon, et al, by 2016, 47 states have passed legislation require businesses that affected by data breach to notify the individual when a breach occurs. This legislation gives the consumers a chance to respond to the incident and act quickly. “Despite the mounting rate of security breaches, the continuing harms imposed on consumers and firms, and more than a decade of breach-notification laws, very little research exists that examine consumer response to these developments”, (Ablon, Heaton, Lavery D, & Romanosky, 2016)- book.

Different data can becompromised during a data breach. Ablon,et al.. lists some of the information that has been compromised in data. Here is the information provided by Ablon et, al.. Target lost consumers credit card information. Anthem lost consumers’ Social Security numbers; medical information was stolen from TRICARE. Countrywide lost information mortgage information during data breach. Sony PlayStation lost user account data and OPM lost sensitive personnel information, (Ablon, Heaton, Lavery D, & Romanosky, 2016). Amongst that information that have been compromised, consumers reported that some information cannot be changed such health information, Social Security numbers, or other personal information.  Based on the survey done by Ablon, 18 percent of the respondents of that survey mentioned that they were never inform of the breach, (Ablon, Heaton, Lavery D, & Romanosky, 2016).

Per Hooker, a few consumers whose information have been compromised file a lawsuit. Hooker mentioned that plaintiff (victim of data breach) has to prove whether or not the harm to them was caused by data breach. “Proving causation in data breach litigation naturally will become increasingly difficult task as additional data breach occur and more individual becomes the victim of multiple cyber breaches”, (Hoker, McConnell, & Pill, 2020)- peer review . When it comes to proving fault or negligence of the defendant, plaintiff has to show the court three (3) elements. These elements are (1) an injury showing an “invasion of a legally protected interest”; (2) a causal link between the injury and the alleged conduct of the defendant; and (3) the injury is “redressable(able) by a favorable decision”, (Hopkins, 2020). In other word, consumers can take legal actions if they believe that the organization is at fault for compromising their personal identifiable information.

Data breaches are progressively becoming part of consumers daily lives. No businesses or corporations are exempt from being attack.  As data breach continuously to increase, identity theft is also becoming an increasingly possibility. As stated in Marcus journal, the current solution to handle the incidents are miserably lacking. “Most companies only discover deficiencies in their security systems following a data breach. Private parties then turn to litigation to bring claims damages stemming from the breach and to demand better cybersecurity practices”, (Marcus, 2018)-Peer review. These lawsuits might force some companies to take the initiative to institute cybersecurity reforms, severe changes to guarantee consumers person information and financial information are protected, (Marcus, 2018).

“When a data breach occurs, the usual procedure is for the breached entity to notify those who data has been compromised. For consumers, data breaches cause many types of harms, including loss of privacy, economic loss, safety hazards, fear of future damages, and inconvenience”, (Johnson & Millett, 2016). Johnson also mentions in the book, often time, the consumers are unwilling undertake risk behavior that leads to privacy breach. it is common due to lack of consumer education on data breach. it is important that consumer do understand the risk of such data and harm.

Data breach impact on the economic.

The cost of cyber-security breach has increased over the years. In 2017, cybersecurity breach was $3,860,000, and the cost of stolen information was $148 each. So, each company has their own estimates because the estimate is different from company to company. “According to Sfax, a fax-securing company for hospitals, the global average cost of a cybersecurity breach was at $3,620,000 in 2017. However, in the US, where there were more cyberattacks, the company estimates the average cost of each attack to be $7,350,000”, (Aslaner & E., 2019)-book.

Cybercrime has become one of the most expensive economic disaster in a lot country.  In average of $600,000,000,000, is depleting from the universal economy through cybercrime yearly. “$600,000,000,000 is an enormous figure and the loss of this has affected many factors, including. Cybercrime crime is hurting the economy and, in turn, hurting the job market” (Aslaner & E., 2019). One of way that cybercrime is destroying the economy is through espionage. Data breach can also be internal. It could be lack of caring by employee who misplaced data that can cause harm to the busines.  Organization has spent a lot of money on building its brand and fighting to keep market share and keep investors satisfied. If there are no trusted brand names, most companies could fall into nothingness. “Cyber-attacks tend to attract press, and this leads to damaging a company’s brand and reputation. Investors are put in a frenzy of selling their shares to prevent further loss” (Aslaner & E., 2019).

Inconclusion, data breach is one of the most challenges the world has ever face. Data breach is not only a U.S.A challenge, it is a global challenge. Data breach occurs when someone intentionally or unintentionally access, disclose information. Most high-end companies have a victim of cyber-attacks. Companies such as Target, Equifax, Anthem, even the OPM which a federal agency. Cyber-attacks do not care about the business worth or what type of business it is. There are some precautions business can take to prevent cyber-attack. Ablon mentions twelve steps business can take to properly handle data breach. data breach does not only affect the business, it also affects the consumer. Most consumers alleged that they were not informed of the data breach from the company itself. Some consumers alleged that they had some knowledge of the data breach prior to any notification. Corporate America and the federal government have to make the consumer a priority when data breach happens. Because the consumer has to ensure that they have enough time to take precautions and step to protect their information. Most of the information that are stolen are personal information such as name, date of birth, Social Security number, address, parents name, driver’s license number. The consumer personal safety is at risk if they are not properly informed. It is also important that the business provide a helpline in case the consumers have questions about the data breach. One of the issues that most company fail to properly do is communicate the information with their consumers. Data breach can lead to litigation against the company that fail to secure the consumer personal information. Data breach is also costly and can affect the economy in a negative way.



Ablon, L., Heaton, P., Lavery D, L., & Romanosky, S. (2016). Consumer Attitudes Toward Data Breach Notifications and Loss of Personal Information. Santa Monica: RAND Corporation.

Aslaner, M., & E., O. (2019). Hands-On Cybersecurity for Finance. Packt Publishing.

Coleman, A. (2020). Crisis Communication Strategies: How to Prepare in Advance, Respond Effectively and Recover in Full. New York: Kogan Page.

Davidoff, S. (2019). Data Breaches Crisis and Opportunity. Pearson Education.

Fowler, K. (2016). Data Breach Preparation and Response. Cambridge: Elsevier.

Gootman, S. (2016). OPM Hack: The Most Dangerous Threat to the Federal Government Today. Journal of Applied Security Research, 517-525.

Hoker, M., McConnell, G., & Pill, J. (2020). Here We Reached The Tipping Point? Emerging Causation Issues in Data-Breach Litigation. Florida Bar Journal, 9-17.

Hopkins, M. (2020). Your Personal Information was Stolen? That’s an injury: Article Standing in the Context of Data Breaches. The University of the Pacific Law Review, 427-451.

Johnson, A., & Millett, L. (2016). Data Breach Aftermath and Recovery for Individuals and Institutions. National Academic Press.

Marcus, D. J. (2018). The Data Breach Dilemma: Proactive Solutions for Protecting Consumers Personal Information. Duke Law Journal, 556-593.

Novak, A., & Vilceanu, O. (2019). The Internet is not pleased: Twitter and the 2017 Equifax data breach. Communication Review, 196-221.

Riga, S. (2017). Two Breaches, Two Enforcement Actions, And A DDOS Atack: Data Security And the Rise of the Internet of Things. Journal of Internet Law, 3-7.




Homework Valley
Calculate your paper price
Pages (550 words)
Approximate price: -

Our Advantages

Plagiarism Free Papers

All our papers are original and written from scratch. We will email you a plagiarism report alongside your completed paper once done.

Free Revisions

All papers are submitted ahead of time. We do this to allow you time to point out any area you would need revision on, and help you for free.


A title page preceeds all your paper content. Here, you put all your personal information and this we give out for free.


Without a reference/bibliography page, any academic paper is incomplete and doesnt qualify for grading. We also offer this for free.

Originality & Security

At Homework Valley, we take confidentiality seriously and all your personal information is stored safely and do not share it with third parties for any reasons whatsoever. Our work is original and we send plagiarism reports alongside every paper.

24/7 Customer Support

Our agents are online 24/7. Feel free to contact us through email or talk to our live agents.

Try it now!

Calculate the price of your order

We'll send you the first draft for approval by at
Total price:

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

We work around the clock to see best customer experience.


Flexible Pricing

Our prices are pocket friendly and you can do partial payments. When that is not enough, we have a free enquiry service.


Admission help & Client-Writer Contact

When you need to elaborate something further to your writer, we provide that button.


Paper Submission

We take deadlines seriously and our papers are submitted ahead of time. We are happy to assist you in case of any adjustments needed.


Customer Feedback

Your feedback, good or bad is of great concern to us and we take it very seriously. We are, therefore, constantly adjusting our policies to ensure best customer/writer experience.