Stories

Be smart: When a "data breach" isn't a breach

Photo Illustration: Thomas Trutschel/Photothek via Getty Images

Last week, a Florida company named Exacts exposed information on around 300 million records. While several stories characterized this incident as a breach, it wasn't actually a breach — at least not in the way most people use the term.

Why it matters: When most people hear about a breach, they think a bad guy has stolen data. That’s scary and can effect consumer behavior. But there was no bad guy involved in what happened at Exactis. Instead, the firm left a database online in an unsecured way, allowing anyone who knew where to find it to download it.