What constitutes a data breach?

A data breach is specifically characterized by unauthorized access to sensitive data. This definition encompasses situations where individuals or entities gain access to confidential or protected information without permission, leading to potential harm, such as identity theft, financial loss, or compromise of personal privacy.

In the context of information security, "sensitive data" typically refers to any data that, if disclosed, could negatively impact individuals or organizations. This can include personal identification information, financial records, health records, and proprietary corporate information.

The other choices, while related to information security, do not precisely define what constitutes a data breach. Unauthorized storage of data may imply that data is being kept without authorization but doesn’t necessarily indicate that there has been access to or loss of data. Unauthorized software installation pertains to issues of malware or security exploits but doesn’t directly reference access to sensitive information. Similarly, unauthorized changes to user accounts are more aligned with account compromise but do not directly indicate that data has been accessed inappropriately. Thus, the core element of a data breach is that it involves unauthorized access to sensitive information.