Breaches detected by the Data Breaches module may involve information of varying sensitivity depending on their nature.
It is essential to understand the typology of these data to properly assess the level of risk and adapt remediation measures.
1 – Objectives
Understand the types of data exposed by the Data Breaches module
Assess the sensitivity level of compromised data
Interpret breach sources
Distinguish the dates associated with breach discovery
This helps prioritize the appropriate response based on the severity of the exposed data.
2 – Prerequisites
Have the Threat Monitoring module activated
Have activated the Data Breaches module and launched scans
3 – Understanding the types of exposed data
The breach table distinguishes three main categories of data, each associated with a sensitivity level and a visual color code.
It is necessary to distinguish between three types of reported data.
3.1 – PII (Personally Identifiable Information)
PII includes information that can identify an individual:
email addresses
phone numbers
first and last names
physical addresses
other common identification data
Characteristics of PII:
Most of this data can be obtained through open sources (OSINT)
It may still be useful to attackers to conduct targeted campaigns (phishing, smishing, vishing)
3.2 – Sensitive Data
Sensitive Data represents the most concerning types of leaks, such as:
credit card numbers
social security numbers
information enabling identity theft
Characteristics of Sensitive Data:
Highly sensitive due to their intrusive nature and potential impact on privacy and financial security
Leaks of this type imply a clear risk of fraud, identity theft, or corporate compromise
3.3 – Employee Passwords
This category indicates that passwords (or their hashes/fingerprints) have been exposed.
Characteristics of employee passwords:
This is the most critical sensitive data, as a compromised password can allow attackers to take over an employee’s accounts
This type of breach requires immediate action and often forces a password reset
4 – Understanding breach sources
Under the Breach Name column, you will find the websites or services responsible for the leaks.
4.1 – Identified sources
Some breaches clearly mention:
the name of the compromised service
its logo
the context of exposure
This allows quick identification of the origin and enables standard verification steps.
4.2 – Non-explicit sources: “Collection”, “City 0 Day”, etc.
These terms indicate that:
data comes from a collected data package
the original source is multiple or indeterminate
the breach is real but difficult to attribute to a single platform
5 – Difference between the two displayed dates
Each breach contains two different time-related elements:
Date | Meaning |
Breach Date | When the breach was first discovered (initial publication or leak). |
Latest Discovery Date | When Arsen detected or updated the breach. This may update if new data appears or new employees are affected. |
📚 Note
A breach can evolve over time.
Arsen updates the Latest Discovery Date whenever new elements related to an existing breach are detected.
The breaches reported by the Data Breaches module can vary in sensitivity for the company or the employee.
It is important to determine the urgency level of the response required.
Table of Contents
Types of retrieved data and sensitivity level of the leaked data
It is important to distinguish between three types of retrieved data:
PII(Personally Identifiable Information)
Displays the number of employees whose personal information has been exposed.
PII includes data such as email addresses, phone numbers, names, addresses, or any other information that can identify a person.
These data are highlighted in white in the breaches table.
These data are not highly sensitive, as most of it can be found in open sources (OSINT).
Sensitive Data
Displays the number of employees whose sensitive data have been exposed.
Sensitive data include highly compromising information such as:
Credit card numbers
Social security numbers
Other data that could be used for identity theft
These data are highlighted in orange in the breaches table.
These data are very sensitive due to their intrusive nature (privacy violation) or because they compromise confidential company information.
Employee Passwords
Displays the number of employees whose passwords (or password hashes) have been exposed.
These data are highlighted in red and clearly distinguished from other data in the table.
Sources of breaches
Under the Breach Name column, you will find the websites from which the data leaks originate.
These websites are the sources of different breaches.
Sometimes the source is clearly identified with the company’s brand or logo. In other cases, the source may be less obvious.
For example, if the source is listed as Collection or City 0 Day, it means the leak is real but comes from an intercepted dataset with multiple sources.
Difference between the two types of discovery dates
The table shows two different dates:
Breach Date– The date the breach was first discovered.Latest Discovery Date– The date the breach was recorded by Arsen. This date can be updated if the breach is reactivated and new information or new individuals are impacted.