I could be wrong but I'm pretty sure the word "breach" is reserved for specific security incidents that fall above a certain threshold. Something like if X amount of users were affected it must be considered a breach, which means the company must alert the authorities and alert all users who have been affected.
If he's saying it wasn't a breach it's probably because it doesn't fit the actual criteria for considering something a breach, but doesn't mean he's trying to downplay the severity of what happened.
If he's saying it wasn't a breach it's probably because it doesn't fit the actual criteria for considering something a breach, but doesn't mean he's trying to downplay the severity of what happened.
Edit: difference between a data breach vs. a security incident - https://www.alienvault.com/blogs/security-essentials/whats-t...