A data spill is the accidental or deliberate exposure of information into an uncontrolled or unauthorised environment, or to persons without a need-to-know. A data spill is sometimes referred to as information disclosure or a data leak.
Data spills usually fall into one of two categories:
- The transfer of information to a system which is not authorised to handle the information. Such a transfer may be performed via email or digital media.
- The unauthorised disclosure of information on the Internet, including via web forums, social media and other types of cloud-based storage.
Data spills are considered cyber security incidents and should be reported to the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC).
Organisations should refer to the Australian Government Information Security Manual (ISM) for sanitisation guidance for specific media following a data spill.