A data breach is defined as the unauthorized exposure, disclosure, or loss of personal information, frequently driven by motives ranging from financial gain to political activism or espionage. These incidents commonly stem from various technical vulnerabilities, including insider actions, lost or stolen unencrypted devices, exploitation of software flaws by hackers, or social engineering tactics like phishing. While precise statistics are challenging, data breaches have shown a continuous increase through 2022, with organized crime estimated to be responsible for 55% of cases.

For individuals, compromised data frequently leads to a significantly elevated risk of identity theft for years, as stolen information is often sold on the dark web. Consequently, companies are legally mandated in many jurisdictions, including all U.S. states and EU member states, to notify affected individuals and may face lawsuits. Although prevention efforts can reduce risk, the economic harm to breached firms beyond direct costs and a temporary stock price decline is often limited.