I have been asked that, and my answer would be, yes, I would. However, I need to explain that in my work, I draw a line of classification between a malicious breach and a non-malicious breach. I would classify this as not necessarily a malicious breach, but it was a violation of the expected way in which this data would be handled in that it was gathered under the guise of academic research not to be utilized for commercial or other purposes—and clearly it was. It did cross that boundary. Facebook asked that it be deleted, etc. We all know that tale.
I would call it a data breach, but only [Technical difficulty—Editor] the difference between a hack and a different type of data breach.