I’ve had a few people flag this with me as a “data breach”. It’s not, it’s authorised access. Not liking that authorisation does not make it a data breach. If one of these guys then accidentally leaks it all over the place to unauthorised parties, *then* it’s a data breach!
I’ve had a few people flag this with me as a “data breach”. It’s not, it’s authorised access. Not liking that authorisation does not make it a data breach. If one of these guys then accidentally leaks it all over the place to unauthorised parties, *then* it’s a data breach!
Idk why this is so controversial. I mean you can dislike that Musk and his DOGE team were given access. But they were clearly authorized, the head of the Executive branch himself, President Trump. It's like the CEO of a company bringing in an outside contractor to review and report on a company's operations. Some employees might not like it but that doesn't really matter.
@ryanwebdev @troyhunt "Clearly authorized." I respectfully disagree. In your example, a contractor should be granted the minimum access needed to complete their job. I don't see why: 1. access to code counts 2. there's a resistance to oversight of the contractor 3. the contractor is violating rules
@ryanwebdev @troyhunt The only reason you guys insist "they were clearly authorized" is you're too arrogant to admit it falls outside your scope. It's extra stupid because nobody would object if you just said "we watch the Internet for data leaks and we don't see any leaked data circulating so far"
@ryanwebdev @troyhunt It's not a breach, it's worse - it's people who are unmonitored and unaudited having more access than necessary to PII. An attack from outside is bad enough, but an inside job is worse.