Data breaches can occur through various methods and often result from exploiting human vulnerabilities rather than network failures. Common attack vectors include phishing, spear-phishing, social engineering, rogue Wi-Fi, login oddities, IoT vulnerabilities, and SQL injection attacks. Phishing involves deceptive emails aimed at extracting personal information, while spear-phishing targets specific individuals with seemingly authentic messages. Social engineering manipulates trust to gain sensitive data, and rogue Wi-Fi allows attackers to intercept network activities. Anomalous login patterns can indicate breaches, while IoT devices pose significant risks if not properly segregated and secured. SQL injection exploits lack of input validation to access sensitive data. To prevent these breaches, organizations should use multi-layered security approaches, educate employees on recognizing threats, enforce strict authentication measures, monitor logs for suspicious activity, and ensure robust input validation.