Privilege Misuse

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.


Your employees continue to use their access to commit breaches and, in some cases, initiate fraudulent transactions. We saw more collusion between multiple types of actors this year.

What is the same?

This pattern continues to be dominated by the Internal actor, by definition. Most are motivated by financial gain, and Personal data continues to be a favorite target.



406 incidents, 288 with confirmed data disclosure

Threat actors


Internal (99%), Multiple (7%), External (6%), Partner (2%) (breaches)

Actor motives


Financial (89%), Grudge (13%), Espionage (5%), Convenience (3%), Fun (3%), Ideology (2%) (breaches)

Data compromised


Personal (73%), Medical (34%), Other (18%), Bank (12%), Payment (12%) (incidents)

My employees love me!

People may think they are somehow immune to a data breach. They may put their trust in their security controls, thinking they have amazing, impenetrable defenses. They may put their trust in “flying under the radar” or believe they are too small to have a breach. But this kind of thinking largely assumes breaches come from the outside, from the “bad actors” that are external to the organization. What they fail to take into account is the risk of an insider breach. “Surely, MY people wouldn’t do that!” they say. But of course, they would—and don’t call me Shirley.

The hard fact to face is that some of our employees also cause data breaches for malicious reasons. The most common nonaccidental Internal actor breach is Privilege abuse. This is just what it sounds like—employees abusing the access they have been given to do their jobs to steal data instead. They are significantly more likely to do this for their own financial gain (Figure 48). We know, it’s a shocker.

2023 Data Breach Investigations Report

We’ll just help ourselves.

We’ve talked about your employees committing these acts—but our At-a-Glance table shows that we see other kinds of threat actors in this pattern. Interestingly, we see multiple threat actors (Internal, External, Partner—some combination of these three) in 7% of the breaches. This is collusion—evidence of multiple kinds of Actors working together to bring about a data breach.

Indeed, we have seen instances where organized fraud gangs have sent in people with the objective of being hired by businesses for the purpose of facilitating large-scale scams. We have seen this in multiple industries, and it has continued to plague organizations for years. These people can be difficult to spot—they may present and interview convincingly. This practice by financially motivated criminal groups makes it even more important to have your detective controls in place to catch the inappropriate access that these people are enabling. One of the difficulties in responding to an incident like this is that no company’s onboarding process is perfect, and most onboarding involves getting the new hire added to various groups and systems that aren’t always directly controlled by IT. Those investigations often reveal process-related weaknesses in the IT infrastructure.

We are increasingly seeing Privilege Misuse breaches paired with Fraudulent transactions, more so this year than in the past several, as shown in Figure 49. Fraudulent transactions are an Integrity violation that is frequently the end game of the BEC and is typically a money transfer to a threat actor-controlled bank account. However, since Internal actors already have access to the systems where bank accounts and routing information are stored in these cases, they’re probably just making that banking update themselves. Seeing Internal actors increasingly just redirect funds is especially concerning, considering it may be someone in a position to siphon significant resources away from the organization.

2023 Data Breach Investigations Report

Let's get started.