It might surprise the good readers of Hacker News, but by reading TFA, and the linked PDF therein, answers may be revealed!

> 12. The forensic analysis also revealed that Elez sent an email with a spreadsheet containing PII to two United States General Services Administration officials. The PII detailed a name (aperson or an entity), a transaction type, and an amount of money. The names in the spreadsheet are considered low risk PII because the names are not accompanied by more specific identifiers, such as social security numbers or birth dates. Elez’s distribution of this spreadsheet was contrary to BFS policies, in that it was not sent encrypted, and he did not obtain prior approval of the transmission via a “Form 7005,” describing what will be sent and what safeguards the sender will implement to protect the information.

This is exactly what the court filing says - he emailed excel spreadsheets with unencrypted data. Presumably from database queries hence why they mention emailing a database. Obviously written by people who are entirely unfamiliar with what a database even is so it makes it sound worse than it is (even though it is still bad, but not quite "send the entire database" bad.)

Yep