A data spill is the accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to persons without a need-to-know. A data spill is sometimes referred to as information disclosure or a data leak.
Data spills usually fall into one of two categories:
- The transfer of information to a system which is not authorised to handle the information. Such a transfer may be performed via email or digital media.
- The unauthorised disclosure of information on the Internet, including via web forums, social media and other types of cloud-based storage.
Data spills are considered cyber security incidents and should be reported to the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC).