Updated Jul 8, 2018

Be smart: When a "data breach" isn't a breach

Photo Illustration: Thomas Trutschel/Photothek via Getty Images

Last week, a Florida company named Exacts exposed information on around 300 million records. While several stories characterized this incident as a breach, it wasn't actually a breach — at least not in the way most people use the term.

Why it matters: When most people hear about a breach, they think a bad guy has stolen data. That’s scary and can effect consumer behavior. But there was no bad guy involved in what happened at Exactis. Instead, the firm left a database online in an unsecured way, allowing anyone who knew where to find it to download it.

The details: There are several different ways data can be exposed by accident online. Companies sometimes misconfigure databases or cloud storage to be open to the public.

  • Most people involved in cybersecurity don’t see this as a breach.
  • The ones that do admit that the word can be misleading.

“We’ve made an effort to stop using the word breach,” said Chris Vickery, a leading investigator of data exposures working for the security firm UpGuard.

Breach of trust: Vickery argues that it is a breach, but of a non-standard sort. “It’s a breach of trust,” he said.

  • Vickery alone has found data as varied as a commercial terrorism watch list, registered voter databases and contractor plans for secure government systems.
  • Researchers use specialized search tactics to locate exposed data. It’s not easy work — most exposed data is intentionally left exposed.

The intrigue: Within hours of Wired breaking the story on the Exactis exposure, outlets started comparing the incident to Equifax as a potential record-breaking data breach.

  • In Equifax, an actual hacker stole records.
  • In Exactis, a researcher searching for exposed databases discovered the exposed database. There was no evidence anyone maliciously downloaded the files.

Be smart: It’s important to understand the difference between data exposures and data breaches, because they will keep coming up. The lexical difference doesn’t make a bad thing good. It’s still problematic to have data exposures.

“Every non-malicious breach is something hackers could have found,” said Vickery.

Go deeper

Judge rules against Trump policy limiting public comment on energy leasing

Photo: Joe Amon/The Denver Post via Getty Images

A federal judge on Thursday overturned a 2018 Trump administration directive that sought to speed up energy leases on public land by limiting the amount of time the public could comment.

Why it matters: U.S. Chief Magistrate Judge Ronald Bush's decision voids almost a million acres of leases in the West, according to The Washington Post. It's a victory for environmentalists, who tried to block the change as part of an effort to protect the habitat of the at-risk greater sage grouse.

  • The ruling invalidated five oil and gas leases in Nevada, Utah, and Wyoming, and affected 104,688 square miles of greater sage-grouse habitat, per The Associated Press.
  • Leases in greater sage-grouse habitat will return to allowing 30 days of public comment and administrative protest.

The big picture: From Axios' Amy Harder, this is the latest in a long and convoluted list of regulatory rollbacks the Trump administration is pursuing on environmental rules that courts are, more often than not, rebutting. With Congress gridlocked on these matters, expect the courts to be the default way Trump's agenda faces checks (unless, of course, a Democrat wins the White House this November).

Your best defense against coronavirus

Photo: Adrian Greeman/Construction Photography/Avalon/Getty Images

Washing your hands is the best way to protect against the novel coronavirus, according to doctors and health officials, as the virus continues to spread around the globe.

Why it matters: Frequent hand washing can stop germs from spreading in a community, a known preventative for COVID-19 and influenza.

Major League Soccer embarks on its 25th season

Illustration: Aïda Amer/Axios

As Major League Soccer begins its 25th season, the league is financially stable and surging in popularity, and its 26 teams have gorgeous facilities and rapidly increasing valuations.

  • It also continues to expand, with David Beckham's Inter Miami and Nashville SC set to debut this season as the 25th and 26th teams. Plans are in place to reach 30 franchises by 2022 — triple the number from 2004.
Go deeperArrow2 hours ago - Sports