Skip to content
Vectel
Support/Compliance and regulations

Security incident or data breach, what is the difference?

Not every incident is a breach. A breach is an incident where personal data was accidentally destroyed, lost, altered, accessed, or shared.

Try this first

  1. 1Security incident: a disruption or weakness in security. Phishing attempt, failed ransomware, unpatched server. Internal logging, not automatic external notification.
  2. 2Breach: personal data is involved in a loss of confidentiality, integrity, or availability. Ransomware encrypting personal-data files counts. A blocked attempt does not.
  3. 3In doubt? Treat as a breach until proven otherwise. Notifying early is safer than late.
  4. 4Track both categories separately. The incident register supports audits; the breach register is statutory.
  5. 5Train staff on the distinction. People often label something a "breach" that is not, or vice versa.

When to bring us in

Active incident with uncertainty about exfiltration? Get CSIRT or forensic advice before you intervene further. Evidence vanishes in half an hour.

See also

None of the above fits?

Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.

Who are you?

For the AI question we need your email and company, so we can follow up if the AI gets stuck, and to prevent abuse.

Limited to 2 questions per hour and 5 per day, kept lean so the AI stays useful. For more, contacting us directly works better for you and us.

Or skip the DIY entirely

Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.

Bring us inHow Managed IT works