Risks to Privacy from Collecting and Storing Data on a Computer

When personal, sensitive, and confidential data is stored digitally, it is always at risk from threats such
as malware, data breaches, insider threats, and human error. Personally Identifiable Information (PII) like names,
addresses, financial information, and medical records can be especially damaging if exposed. Protecting this type of
data is critical because it can be misused in ways that cause long-term harm to individuals and organizations.

One of the largest examples of data misuse was the Yahoo data breach in 2013, in which hackers exploited a vulnerability
that exposed the data of approximately 3 billion users. Stolen information included names, email addresses, and login
credentials. Beyond direct hacking, data misuse can also occur through organizations themselves, such as when companies
collect customer data and later use it for targeted advertising beyond what was originally disclosed. Even employee negligence,
like sending unencrypted emails containing sensitive data, can result in major breaches.

Companies are responsible for implementing strong cybersecurity policies, including encryption and employee training, to reduce
the risks of breaches. Governments create and enforce data protection regulations, such as the GDPR in Europe or state-level privacy
laws in the U.S., to ensure accountability. Individuals also play a role by controlling what information they share online, using
secure passwords, and monitoring their digital privacy settings. Together, these groups share responsibility in protecting sensitive
data.

Examples of misuse include cryptocurrency mining on hijacked systems, where attackers secretly use someone else’s computer to generate
profits. Botnets, or networks of compromised computers, are often used to spread spam or host malware. Other forms of abuse include illegal
downloads, identity theft, cyberbullying, and hacking, all of which exploit computing resources to harm others or gain unauthorized benefits.

Protecting computing resources requires multiple layers of defense. Access controls are used to limit who can see or use certain data
and systems, ensuring only authorized users are allowed entry. Firewalls and intrusion detection systems help identify and block suspicious
activity on networks. Importantly, user training remains one of the most effective protections, since many attacks exploit human error rather
than technical flaws. No single technology can fully secure a system, but combining these protections creates a much safer digital environment.

No single technology that can fully safeguard data. Protection measures like firewalls, intrusion detection systems and user training are crucial
for a safe online environment. Access control is an element of security that determines who can be allowed to certain data and applications. Access
control relies on authorization to verify users. Access control can keep confidential information from being stolen from bad actors and unverified
users.

Some of the most damaging cybersecurity incidents in history have come from unauthorized access. For example, the Yahoo data breach
exposed billions of accounts, while the Colonial Pipeline ransomware attack (2021) shut down fuel supplies across parts of the United
States after hackers exploited a weak password. Another example, the Sony Pictures hack in 2014, exposed private employee data and internal
communications, leading to both financial and reputational damage.

High-profile breaches and their impacts on individuals, businesses, and governments. Defending against unauthorized access requires both
technical and behavioral safeguards. Multi-factor authentication (MFA) adds extra security beyond passwords, making it harder for attackers to
break in. Encryption ensures that even if attackers access data, they cannot read it without the proper keys. Finally, regular security updates
and patching prevent attackers from exploiting known software vulnerabilities. When combined with employee awareness training, these strategies greatly
reduce the risk of unauthorized access.