Photo Illustration: Thomas Trutschel/Photothek via Getty Images

Last week, a Florida company named Exacts exposed information on around 300 million records. While several stories characterized this incident as a breach, it wasn't actually a breach — at least not in the way most people use the term.

Why it matters: When most people hear about a breach, they think a bad guy has stolen data. That’s scary and can effect consumer behavior. But there was no bad guy involved in what happened at Exactis. Instead, the firm left a database online in an unsecured way, allowing anyone who knew where to find it to download it.

The details: There are several different ways data can be exposed by accident online. Companies sometimes misconfigure databases or cloud storage to be open to the public.

  • Most people involved in cybersecurity don’t see this as a breach.
  • The ones that do admit that the word can be misleading.

“We’ve made an effort to stop using the word breach,” said Chris Vickery, a leading investigator of data exposures working for the security firm UpGuard.

Breach of trust: Vickery argues that it is a breach, but of a non-standard sort. “It’s a breach of trust,” he said.

  • Vickery alone has found data as varied as a commercial terrorism watch list, registered voter databases and contractor plans for secure government systems.
  • Researchers use specialized search tactics to locate exposed data. It’s not easy work — most exposed data is intentionally left exposed.

The intrigue: Within hours of Wired breaking the story on the Exactis exposure, outlets started comparing the incident to Equifax as a potential record-breaking data breach.

  • In Equifax, an actual hacker stole records.
  • In Exactis, a researcher searching for exposed databases discovered the exposed database. There was no evidence anyone maliciously downloaded the files.

Be smart: It’s important to understand the difference between data exposures and data breaches, because they will keep coming up. The lexical difference doesn’t make a bad thing good. It’s still problematic to have data exposures.

“Every non-malicious breach is something hackers could have found,” said Vickery.

Go deeper

Updated 43 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 7 a.m. ET: 30,804,120 — Total deaths: 957,348— Total recoveries: 21,062,785Map.
  2. U.S.: Total confirmed cases as of 7 a.m. ET: 6,766,631 — Total deaths: 199,268 — Total recoveries: 2,577,446 — Total tests: 94,211,463Map.
  3. Education: What we overlooked in the switch to remote learning
  4. Politics: In reversal, CDC again recommends coronavirus testing for asymptomatic people.
  5. Health: The dwindling chances of eliminating COVID-19.
  6. World: Guatemalan president tests positive for COVID-19 — The countries painting their pandemic recoveries green.

What we overlooked in the switch to remote learning

Illustration: Eniola Odetunde/Axios

America’s rapid and urgent transition to online school has come with a host of unforeseen consequences that are only getting worse as it continues into the fall.

The big picture: The issues range from data privacy to plagiarism, and schools are ill-equipped to deal with them, experts say.

The positions of key GOP senators on replacing Ruth Bader Ginsburg

Senate Majority Leader Mitch McConnell talks to reporters on Capitol Hill last Thursday. Photo: Chip Somodevilla/Getty Images

With President Trump planning to nominate his third Supreme Court justice nominee by next week, key Republican senators are indicating their stance on replacing the late Justice Ruth Bader Ginsburg just over six weeks out from Election Day.

The big picture: Senate Majority Leader Mitch McConnell (Ky.) has vowed that "Trump’s nominee will receive a vote on the floor of the United States Senate." But Sen. Lisa Murkowski (Alaska) told Alaska Public Media, "I would not vote to confirm a Supreme Court nominee. We are 50 some days away from an election."