Data runs our lives. It’s the engine behind effective patient care, infrastructure, mass transportation and more. When the underlying data layer is compromised due to negligence or bad actors, grave consequences can occur.
In this article, we’ll take a look at some high-profile data breaches from the past decade and the one thing they all have in common.
We’ll explore the core challenges that continue to hinder progress and outline the key ingredients of a practical, data-centric solution that agencies can implement today.
Major Cyber Breaches & the Common Thread
Let’s start with a refresher of some of the major breaches that have shaped the cybersecurity landscape:
“Signalgate” Messaging Leak (2025)
A journalist publicly leaked critical strike timing data, internal deliberations, and other sensitive operational plans from Signal.
Teixeira Pentagon Leak (2023)
A National Guardsman used authorized access to expose Ukraine war intelligence, U.S. surveillance operations details, and other sensitive information.
MOVEit Transfer Exploitation (2023)
Attackers exploited a SQL injection vulnerability and exfiltrated mass amounts of sensitive information (financial history, SSNs, etc.), affecting millions of individuals.
OPM Breach (2015)
Nation-state actors exfiltrated background investigation records for over 22 million individuals, including financial history, fingerprint data, mental health records, foreign contacts, and other sensitive information.
Snowden Incident (2013)
An NSA contractor used privileged access to leak classified documents containing information about global surveillance programs, resulting in global diplomatic fallout.
Each breach involved distinct threat actors, entry points, attack vectors, and exploitation techniques. Despite the differences, they all converged on a single objective: the data.
Recognition of this shared target is echoed repeatedly in the aftermath of each breach. From internal post-incident reviews to public forums and even DoD-level messaging, the following data-level security gaps are consistent themes:
- A lack of visibility into where sensitive data is or who has access to it
- Excessive permissions & overexposure of sensitive data are everywhere
- A need for Zero Trust and Conditional Access Enforcement

What an effective solution entails
While discussions around the need for data-centric security controls continue, meaningful action often lags behind. Many agencies clearly recognize the importance of the issue — and some have made commendable strides — but broader responsibility and follow-through remain limited.
Everyone seems to care about the problem, but ownership and responsibility for it are not consistent. This gap between awareness and execution makes the data security challenge appear more complex than it truly is.
The solution is straightforward — a data-centric find, fix, and alert methodology.
Find where sensitive data is and where it’s at risk
- Use automated content scans to accurately discover and classify where sensitive data is. Relying on end-users will not be successful.
- Visibility must be current. Prevent outdated results and scalability issues by incrementally scanning files as they are created and modified.
- Visibility must be complete. Sampling and predictive scanning for unstructured data lead to blind spots where breaches happen.
- Visibility must have context. Analyze access controls to determine who can access sensitive data and where it’s exposed. This is the only way to prioritize risk and make a data inventory actionable.
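The "find" requirements above (automated classification, incremental rescans, full coverage, access context) can be sketched in a few lines. This is an added example, not Varonis code: the SSN-shaped regex, the `(mtime, size)` change fingerprint, and the POSIX "other" read bit as the exposure signal are all assumptions chosen for illustration, and the sample files are constructed.

```python
import os, re, stat, tempfile

# Illustrative classifier only: one pattern for SSN-shaped strings.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def scan(root, state):
    """Scan every file under root, skipping files unchanged since the last run.

    state maps path -> (mtime_ns, size) from the previous scan and is updated
    in place. Returns findings for new or modified files, riskiest first.
    """
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            fingerprint = (st.st_mtime_ns, st.st_size)
            if state.get(path) == fingerprint:
                continue  # incremental: already classified, not modified
            state[path] = fingerprint
            with open(path, "r", errors="ignore") as fh:
                hits = sum(len(SSN_RE.findall(line)) for line in fh)
            if hits:
                # Context: POSIX "other" read bit as a stand-in for exposure.
                exposed = bool(st.st_mode & stat.S_IROTH)
                findings.append({"file": name, "hits": hits, "exposed": exposed})
    return sorted(findings, key=lambda f: (not f["exposed"], -f["hits"]))

def demo():
    """Build a constructed sample tree, scan it twice, return both results."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample data: name -> (content, mode)
            "hr_export.csv": ("name,ssn\nA,123-45-6789\nB,987-65-4321\n", 0o644),
            "notes.txt": ("ssn on file: 111-22-3333\n", 0o600),
            "readme.txt": ("nothing sensitive here\n", 0o644),
        }
        for name, (content, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(content)
            os.chmod(path, mode)
        state = {}
        first = scan(root, state)
        # Modify one file; only that file should be rescanned.
        with open(os.path.join(root, "readme.txt"), "a") as fh:
            fh.write("added later: 222-33-4444\n")
        return first, scan(root, state)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second scan returns only the file that changed, and findings are ordered so that exposed files with the most matches come first.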
Utilize automation to fix data-level risks at scale without breaking operations
- Data and risk are growing too rapidly to rely on help desk tickets to remediate each risk. Excessive permissions, incorrect labels, data in unauthorized locations, and stale access keys are rampant.
- Automation is the only way to reduce the blast radius before a breach happens without impacting operations.
Monitor data-level activity and alert on anomalies
- Banks and credit card companies analyze account transactions to identify fraud. This same level of visibility is needed to protect what cyber threats are targeting: data.
- Monitor, baseline, and alert on data-level transactions (read, move, modify, delete, etc.) that deviate from each identity’s peacetime profile. This level of defense is required to effectively detect insider threats and compromised accounts.
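A minimal version of per-identity baselining and alerting on data-level events, as an added example rather than any vendor's detection logic. It assumes audit events arrive as `(day, identity, action)` tuples, uses a mean plus `k` standard deviations threshold with a floor, and runs on constructed sample events.

```python
from collections import Counter
from statistics import mean, pstdev

def build_baseline(events, days):
    """Per (identity, action): mean and std-dev of daily counts over `days`.

    Days with no activity count as 0, so quiet identities get a low baseline.
    """
    totals = Counter(events)  # keyed by (day, identity, action)
    keys = {(who, action) for _day, who, action in totals}
    return {
        (who, action): (
            mean(totals[(d, who, action)] for d in days),
            pstdev(totals[(d, who, action)] for d in days),
        )
        for who, action in keys
    }

def detect(baseline, today, k=3.0, floor=5):
    """Return sorted alerts for one day's events that deviate from baseline."""
    alerts = []
    for (who, action), n in Counter((w, a) for _d, w, a in today).items():
        if (who, action) not in baseline:
            # This identity has never performed this action in peacetime.
            alerts.append((who, action, n, "action not in baseline"))
            continue
        mu, sigma = baseline[(who, action)]
        if n > max(floor, mu + k * sigma):
            alerts.append((who, action, n, "volume above baseline"))
    return sorted(alerts)

def expand(day, who, action, n):
    """Helper for the constructed data: n identical events on one day."""
    return [(day, who, action)] * n

# Constructed sample audit events (hypothetical identities and counts).
DAYS = ["d1", "d2", "d3"]
BASELINE_EVENTS = [
    e for day, a, b in zip(DAYS, (10, 12, 11), (3, 4, 2))
    for e in expand(day, "alice", "read", a) + expand(day, "bob", "read", b)
]
TODAY = (expand("d4", "alice", "read", 11) + expand("d4", "bob", "read", 40)
         + expand("d4", "bob", "delete", 6))

def demo():
    return detect(build_baseline(BASELINE_EVENTS, DAYS), TODAY)

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Alice's 11 reads stay inside her own profile, while the same day's activity from bob is flagged twice: once for read volume far above his baseline and once for deletes he has never performed before.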
Get started today
If we’re serious about preventing future breaches, we need more than dialogue — we need action and commitment. Many organizations have already shown that meaningful progress is possible. It’s never easy, but it is achievable — and it’s the only way to ensure lasting impact.
Varonis has been using the automated find, fix, alert methodology described above to secure data across the DoD for 15 years. Get started with a no-cost Data Risk Assessment today.
In less than 24 hours, you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation.
