Hackers Access Tile's Internal Tracking Tools, Customer Data

[M.T.Pelée]

• A data breach occurs when data that is unintentionally left vulnerable in an unsecured environment is viewed by someone who shouldn't have access to that data.

By your own definition this tracks. They didn’t leave the data vulnerable on purpose, and it got accessed by someone who shouldn’t have seen it. And the environment was clearly not secure enough.

• A hack is the result of an intentional attack, while a breach is the result of human negligence.

This is a bit confused definition, because it can be both. Here it is very much human negligence (the credentials should have been disabled) combined with someone intentionally making use of the situation.

• A data breach is a more general term and simply refers to the outcome that data was made available to unauthorised people.

Like the example here.

But really, this distinction is a red herring because a ‘hack’ is a particular scenario in which a data breach occurs. From GDPR art. 4 p. 12:

‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

 

[Iconoclysm]

By your own definition this tracks. They didn’t leave the data vulnerable on purpose, and it got accessed by someone who shouldn’t have seen it. And the environment was clearly not secure enough.


This is a bit confused definition, because it can be both. Here it is very much human negligence (the credentials should have been disabled) combined with someone intentionally making use of the situation.


Like the example here.

But really, this distinction is a red herring because a ‘hack’ is a particular scenario in which a data breach occurs. From GDPR art. 4 p. 12:

FYI, these are not my definitions - I came up with NONE of them. They're stolen credentials used to do something nefarious. That's all you need to know.

 

[Mother Nature]

Using credentials of a former employees is not hacking. Tile was the victim of a data breach.

Exactly, this is not any form of "hacking". Could have been social engineering to get the credentials, some other possibilities just not any sort of "hacking".