> To make sure this doesn't happen again, OWASP said it disabled directory browsing and checked the web server for additional configuration and security issues, and removed all of the resumes from the site.<p>> Additionally, the foundation purged the CloudFlare caches, and requested that the accessed data be removed from the web archive.<p>If the attacker didn't break in but rather accessed public internet facing traffic is it really a breach? What was breached? The webserver? on port 80? [0]<p>[0] <a href="https://owasp.org/blog/2024/03/29/OWASP-data-breach-notification" rel="nofollow">https://owasp.org/blog/2024/03/29/OWASP-data-breach-notifica...</a>
Also the blog post by OWASP was discussed here a couple days ago:<p><a href="https://news.ycombinator.com/item?id=39898743">https://news.ycombinator.com/item?id=39898743</a>