What is a security incident? What is a data breach?

A security incident is any event that compromises the security of our systems, information, or buildings, for example, a lost device, a cyberattack, or unauthorised access to a restricted area.

A data breach is a type of security incident defined as 'a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed'.

Some examples of different types of data breaches are:

• Accidentally sending personal information to the wrong person by getting an e-mail address wrong, or including additional participants to an e-mail that did you not mean to
• A Laptop that contains personal information being lost or stolen
• Accidentally leaving personal information somewhere
• Someone looking over your shoulder in a public place and seeing personal data on your laptop
• A cyberattack that prevented access to or destroyed records
• Unauthorised or accidental alteration of personal data

The Information Commissioner's Office (ICO) have published helpful case studies on various breaches: