
Data breach at Marine Forces Reserve impacts thousands - ph33t
https://www.marinecorpstimes.com/news/your-marine-corps/2018/02/28/major-data-breach-at-marine-forces-reserve-impacts-thousands/
======
dang
The submitted title ("Emails sent to the wrong people are data breaches now?")
broke the HN guidelines by editorializing. Please don't do that. The rule here
is to use the original title, unless it is misleading or linkbait. In the
latter case, please rewrite it in an accurate, neutral way, preferably using
representative language from the article itself.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
908087
They always have been. In what world would sending confidential information to
someone who isn't supposed to have access to it not be considered a breach?
Intent doesn't matter in these situations.

~~~
wlesieutre
The word "breach" often implies more of a "breaking in" action, one of its
definitions on dictionary.com is "make a gap in and break through."

Either way, someone has your data who isn't supposed to, but it feels a bit
like a tree falling on your car and calling it a "car accident."

------
mikeash
Why wouldn’t it be?

~~~
diggan
Guess it's about intent. They write "data spillage" which I take as
"accidently sent to wrong people" while "data breach" which I would take as
"someone took the data with intent to spread it".

From the article:

> Personal information can be used by criminals or entities to steal
> identities, commit bank and credit fraud, or phishing schemes.

Getting a bit tired of this. You can't really steal someones identity. But a
criminal could use this to commit fraud, but you still have your own identity.

Guess it's the same as with piracy. It's not really stealing so much as
copying, but everyone calls it stealing...

~~~
mikeash
The top result on Google just says, “A data breach is a confirmed incident in
which sensitive, confidential or otherwise protected data has been accessed
and/or disclosed in an unauthorized fashion.”

------
saagarjha
> “It was very quickly noticed and email recall procedures were implemented to
> reduce the number of accounts that received it,” Aranda said.

What are they talking about when they mention "email recall procedure[s]"?
Once you've sent an email, you've sent it.

~~~
mabbo
Depends. If it's within your own org, there are often ways to server-side
remove the email from everyone's account. I've seen it happen with an
Outlook/exchange setup before.

Outlook also offers the ability to draw attention to your email by sending out
a "The sender of this email would like to recall it. Please click okay when
you're done reading whatever they sent and want to delete it."

------
cypherg
always has been if the contents of the mail are sensitive

~~~
cypherg
no different than if you accidentally leave an S3 bucket exposed to the
internet. It's negligence either way.

------
forestdev
I'm surprised no one has asked the obvious: why the heck were they emailing
this kind of attachment period...

------
azinman2
>“The Marine Corps takes the protection of individual Marines’ private
information and personal data very seriously, and we have steps in place to
prevent the accidental or intentional release of such information,” Aranda
said.

Apparently not.

