"Unintentional disclosures of personal information, called 'data spills,' can occur when visitors click on a link to an external site. Browsers automatically notify the new site of the URL (internet address) from which the user has just come, possibly disclosing private information. For example, the URL could contain a name or e-mail address, or it could communicate confidential information about personal interests (e.g., www.medicalsite.com/baldness). ...

Another way data spills occur is through some types of Web forms used to collect personal information. Forms that use the 'Get' method of HTML coding attach the contents of the form to the URL of the result page (for example, if John enters his name and age on a form, the result URL might read 'www.medicalsite.com/get.cgi?name=john&age=22'). If the result page contains third-party objects or links, those third parties could receive all the information on the form, resulting in a data spill."
—Peter Piazza, "Cleaning Up Data Spills," Security Management, May 1, 2001

"The incident occurred on Tuesday when a page containing private information, including names, home and e-mail addresses, and phone numbers was displayed at http://www.adiamondisforever.com after a San Francisco area user hunted for his name on the site's search engine and received a whole database in return.

Jason Catlett, president of Junkbusters, a New Jersey-based online advocacy group, told Newsbytes the disclosure, called a 'data spill,' was undoubtedly accidental but is not at all uncommon."
—Martin Stone, "Data Spill Blamed For De Beers Web Site Security Leak," Newsbytes, April 5, 2000