zlacker

[parent] [thread] 3 comments
1. hrimfa+(OP)[view] [source] 2025-11-13 15:33:09
> Actually this Chris guy has a point. I don't call it breach either. It's PII data exposure but it is a serious exposure.

At least California defines it as

> unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person.

https://oag.ca.gov/privacy/databreach/reporting

replies(1): >>bo1024+pR
2. bo1024+pR[view] [source] 2025-11-13 19:28:00
>>hrimfa+(OP)
So I guess if you authorize the entire world to read the data, it’s not a breach.
replies(1): >>SigmaE+Dr1
◧◩
3. SigmaE+Dr1[view] [source] [discussion] 2025-11-13 22:41:54
>>bo1024+pR
If nobody reads the data it is not a breach.
replies(1): >>Benjam+lF1
◧◩◪
4. Benjam+lF1[view] [source] [discussion] 2025-11-14 00:28:36
>>SigmaE+Dr1
So the junior engineer who couldn't secure an endpoint implemented thorough request logging and auditing? Impressive.
[go to top]