

If your house plumbing is leaking, its not a leak to you unless you see it? How do you know it hasn’t been accessed?
Thankfully we don’t need to rely on your definition of a data leak: https://www.fortinet.com/resources/cyberglossary/data-leak
A data leak happens when an internal party or source exposes sensitive data, usually unintentionally or by accident.
This is sensitive data that’s accidentally been exposed on the internet. That is a leak. You are misinformed on what a data leak is.




Yes. Correct. Personally Identifiable Information openly exposed on the internet is information going out where it shouldn’t be.
If your house is leaking, whether there’s someone out there with a cup doesn’t change whether your house is leaking or not. It only changes whether someone took your water ie. a breach
Data leak and data breach have specific definitions:
https://www.microsoft.com/en-us/security/business/security-101/what-is-a-data-leak
https://www.oaic.gov.au/privacy/your-privacy-rights/data-breaches/what-is-a-data-breach
https://www.ibm.com/think/topics/data-leakage
https://www.trendmicro.com/en/what-is/data-breach/data-leak.html
This is a data leak. We don’t know yet if it’s a data breach. We might not know until active exploitation.
Given the lack of control on this data, and that it wasn’t fixed until the researchers told them about it, do you trust IDMerit to have the scrutiny on their logging to know if it was accessed externally? I don’t.