The words ‘data breach’ are enough to send shivers down any business leader’s spine. If you leak customer data, even accidentally, it can result in significant financial fines, reputational damage and a whole lot of stress. If the breach puts you in non-compliance with GDPR, you can face fines of up to £8.7 million.
One of the most significant incidents in recent years was the PDL data breach. It affected 1.2 billion records and is still spoken about today as an example of what you don’t want to happen to your business. Although it happened years ago, data breaches like this are still causing disruption today. In the recent DragonForce ransomware attacks on UK retailers, the lost profit has been estimated at millions.
Below, we explore how the PDL data breach occurred and the important lessons you can apply to your business today to avoid similar events.
The PDL data breach: an overview
The PDL data breach was first discovered by security researchers Vinnie Troia and Bob Diachenko in October 2019. 1.2 billion personal data records (totalling 4.2 terabytes) were freely accessible via an insecure server on the dark web. People Data Labs (PDL) were traced as the source of part of this data set.
Although the server was not owned by PDL, it is believed that a customer failed to properly secure the database. The exposed information included a wide range of personal details, raising concerns about the potential misuse of this data for criminal activities such as phishing, scamming and identity theft.
What data was leaked in the PDL breach?
The data records exposed in the PDL breach included usernames, social media accounts, 622 million email addresses and 50 million unique phone numbers. Whilst the data set did not contain passwords or social security numbers, it did hold all the information necessary to impersonate someone.
Vincent Troia, who found the breach, stated at the time: “This is the first time I’ve seen all these social media profiles collected and merged with user profile information into a single database on this scale. From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That’s a lot of information in one place to get you started.”
The intention of the data leak remains unclear, because this data was fully accessible with no payment required and with no links to an author. PDL has since claimed that the data was not obtained as a result of a breach, but instead was likely resold or released by one of their customers.
What was the role of the deep web and the dark web?
The unsecured server containing the massive dataset in this breach was likely hosted on the deep web. The deep web is an area that is not accessible via mainstream search engines, and it is where leaked data can often be found.
The deep web was initially designed for the US secret service, so that they could access files without being detected. Unfortunately, it has turned out to be a double-edged sword, as the very untraceability that was invaluable to the military came to be used by criminals. Although this particular PDL data set has since been removed by the FBI, the researchers have no way of knowing whether anyone accessed it prior to its removal.
After the breach was discovered, the dark web became a potential marketplace for the data. The dark web is a website within the deep web that is linked to illegal activity. Cyber criminals could have sought to sell or distribute the compromised information within dark web forums and marketplaces, further jeopardising the privacy of the affected individuals.
While it’s unclear if the data was actively traded on the dark web in this specific case, it remains a common scenario in data breaches. This is where businesses risk losing sensitive IP or placing their customers at risk.

How common is a data breach?
It may be tempting to think the PDL data breach is a one-off scenario. But it’s far from it.
In 2024, more than 5.5 billion data breaches occurred globally. The DragonForce attacks, occurring in April 2025, have also seen data stolen, with the attackers claiming to have taken significant amounts of customer and employee data from the targeted retailers, putting them at risk of a compliance breach.
There are a number of factors driving the rise in data breaches including:
- Increased digitisation. As more aspects of our lives move online, the amount of data stored digitally has exploded. This creates a larger target for cyber criminals.
- Sophistication of cyber attacks. Hackers are constantly developing new and more sophisticated methods to breach security systems. This includes malware, phishing, ransomware and social engineering tactics.
- Human error. Employees can make mistakes that lead to data breaches, such as clicking on phishing links, using weak passwords or misconfiguring systems.
- AI as a weapon. AI is being increasingly used by cyber criminals to automate and scale their attacks, making them more efficient and difficult to detect. This includes generating highly convincing deepfake phishing attempts, automating malware creation and rapidly identifying vulnerabilities in systems.
- Lack of security investment. Some organisations fail to invest adequately in cyber security measures, leaving them vulnerable to attacks. This can be due to budget constraints, lack of awareness or complacency.
- Value of data. Personal data has become a valuable commodity, with cyber criminals seeking to steal and sell it for financial gain. This motivates them to target organisations that hold large amounts of sensitive information.
- Expanding attack surface. With the rise of cloud computing, mobile devices and IoT devices, the number of entry points for cyber attacks has increased significantly. This makes it more challenging to secure systems.
- Regulatory landscape. While regulations like GDPR aim to protect personal data, they also increase the pressure on organisations to report breaches, making them more visible.
How to prevent data breaches in your business
A data breach can bring substantial damage to your business. If you want to reduce the risk, here are our tips to follow:
1. Implement strong security measures
This includes using firewalls, intrusion detection systems and antivirus software to protect against malware and other threats. Firewalls act as the first line of defence, while Intrusion Detection/Prevention Systems (IDPS) actively scan for and block malicious activity. When using these tools, ensure they are properly configured and regularly monitored. Ensure your antivirus and anti-malware solutions are always up to date and configured for thorough scans. For larger businesses, a Security Information and Event Management (SIEM) system can centralise and analyse security logs, providing real-time alerts and insights into potential threats.
2. Encrypt sensitive data
All sensitive data stored on servers, databases, laptops and mobile devices should be encrypted. This renders the data unreadable to unauthorised individuals, even if they gain access to the storage medium. A good business system or cloud provider should offer robust encryption by default. For data in transit, use Transport Layer Security (TLS), the successor to the older Secure Sockets Layer (SSL) protocols, for all data exchanged over networks, especially public ones. This is crucial for websites, email communications and data transfers to cloud services.
3. Use multi-factor authentication
Go beyond just passwords. Implement MFA for all accounts, especially those with access to sensitive data or critical systems. This adds a crucial layer of security, making it significantly harder for attackers to gain access even if they compromise a password.
Utilise various methods like authenticator apps, hardware tokens or biometric authentication. Educate employees on the importance of not sharing MFA codes.
4. Apply least privilege and role-based access control
MFA should also be backed by least privilege and role-based access control. Grant users and systems only the minimum level of access necessary to perform their legitimate functions. This streamlines access management and reduces the risk of over-privileged accounts. Periodically review user access rights to ensure they are still appropriate and remove access for employees who have changed roles or left the company.
5. Train your employees
Regularly train employees on the latest cyber security threats and best practices. This should cover how to identify suspicious emails, links and communications, including deepfake phishing attempts. Your training programme should also:
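One way to turn the periodic access review described above into a repeatable check, as an added example that is not from the original post: it assumes a constructed HR roster, a constructed identity-provider export and a hypothetical role-to-permission baseline, and flags leavers and unowned accounts, entitlements left over from a previous role, and dormant logins.

```python
# Access-rights review: reconcile granted entitlements against the HR roster
# and a least-privilege baseline per role. All data below is constructed.
from datetime import date

HR_ROSTER = {  # employee -> (current role, still employed?)
    "alice": ("finance", True),
    "bob": ("support", True),          # moved from engineering to support
    "carol": ("engineering", False),   # left the company
    "dave": ("engineering", True),
}
ROLE_PERMISSIONS = {  # hypothetical least-privilege baseline for each role
    "finance": {"ledger.read", "ledger.write"},
    "support": {"tickets.read", "tickets.write"},
    "engineering": {"repo.read", "repo.write", "prod.deploy"},
}
ACCOUNTS = [  # constructed identity-provider export: user, perms, last login
    {"user": "alice", "perms": {"ledger.read", "ledger.write"}, "last_login": date(2025, 5, 20)},
    {"user": "bob", "perms": {"tickets.read", "tickets.write", "prod.deploy"}, "last_login": date(2025, 5, 28)},
    {"user": "carol", "perms": {"repo.read", "repo.write"}, "last_login": date(2025, 1, 3)},
    {"user": "dave", "perms": {"repo.read", "repo.write"}, "last_login": date(2025, 2, 1)},
    {"user": "svc-legacy", "perms": {"prod.deploy"}, "last_login": date(2024, 11, 1)},
]
REVIEW_DATE = date(2025, 6, 1)  # date the review is run (constructed)


def review_access(accounts, roster, role_perms, today, dormant_days=90):
    """Return (user, action, detail) tuples for a reviewer to act on."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        if user not in roster or not roster[user][1]:
            # No active HR record: a leaver or an unowned account. Disable it.
            findings.append((user, "disable", "no active HR record"))
            continue
        role, _ = roster[user]
        excess = acct["perms"] - role_perms.get(role, set())
        if excess:
            # Role changed but old entitlements were never revoked (privilege creep).
            findings.append((user, "revoke", sorted(excess)))
        idle = (today - acct["last_login"]).days
        if idle > dormant_days:
            # Unused access is pure risk; confirm it is still needed or remove it.
            findings.append((user, "dormant", idle))
    return findings


def run_review():
    return review_access(ACCOUNTS, HR_ROSTER, ROLE_PERMISSIONS, REVIEW_DATE)


if __name__ == "__main__":
    for user, action, detail in run_review():
        print(f"{user:12} {action:8} {detail}")
```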
- Conduct simulated phishing exercises to test staff awareness.
- Emphasise creating long, complex and unique passwords for different accounts and the importance of using a password manager.
- Advise on safe website navigation, avoiding suspicious downloads, and understanding website certificates.
- Educate on proper procedures for handling sensitive data, including data classification, storage and sharing protocols.
- Empower employees to recognise and report suspicious activity or potential breaches immediately.
Remember, cyber security threats evolve, so training should be ongoing, not a one-time event.
6. Conduct regular security audits
Routinely scan your systems and networks for known security weaknesses, and hire ethical hackers to carry out penetration tests that simulate real-world attacks on your systems. This helps identify exploitable vulnerabilities before malicious actors do.
Conduct these tests annually or after significant system changes.
Internally, regularly review your security policies, procedures, and controls to ensure they are effective and being followed.
7. Comply with data privacy regulations
Thoroughly understand and comply with relevant data privacy regulations like GDPR and any industry-specific standards. Know what sensitive data you collect, where it’s stored, how it’s processed and who has access to it.
You should also integrate privacy considerations into the design and development of all new systems, products, and services.
8. Develop a robust incident response plan
Develop a clear, documented plan that outlines the roles and responsibilities of the incident response team, detection and analysis procedures, containment strategies to limit damage, eradication and recovery steps and a post-incident review process. This will keep you prepared should the worst happen.
Alongside this, regularly back up your data. Follow the 3-2-1 rule: maintain at least three copies of your data, store them on two different types of media and keep one copy offsite. Regularly test your backup restoration process to ensure data integrity and that you can recover quickly in the event of data loss or a ransomware attack. Consider keeping some critical backups offline to protect against ransomware that could encrypt online backups.
9. Secure your supply chain and third-party vendors
Your security is only as strong as your weakest link. So, vet all third-party vendors and cloud service providers to ensure they have adequate security measures in place. Include strong data protection and security clauses in contracts with vendors, specifying their responsibilities in case of a breach. Continuously monitor the security posture of critical vendors.
Keeping your data locked down
In order to prevent data breaches, your data must be secured. Following the tips above will help you to mitigate risk to your data – but it’s also crucial to have the right tools and consistent processes.
In this video, our experts share their top tips for protecting your business data, built on years of cyber security experience. Watch it below for tool recommendations, important considerations and practical insights to apply.