COVID-19 testing service in the State of Utah stored passport scans and other highly personal data on unsecured Amazon S3 buckets.
A COVID-19 testing service in Utah ran by Premier Diagnostics exposed sensitive information of more than 50,000 people by storing data on two unsecured Amazon S3 buckets.
What data was exposed
The information included driver’s licenses, medical insurance cards, passports, and other IDs which were accessible without any authentication procedure on the web according to the Comparitech researchers.
It was found that the data of around 52,000 customers had been impacted and affected people were most likely to be from Utah, Nevada, and Colorado according to the samples obtained by researchers.
In total, over 200,000 images of ID scans were exposed. According to the timeline given by Comparitech researchers, the data was exposed for at least a week, if not longer, which was enough time for attackers to find and steal that publicly exposed data.
Furthermore, researchers also found identification forms that contained detailed personal information about patients such as their name, age, address, photo, gender, ID numbers, and more.
Another separate bucket called “paper-records” contained a database that stored names, dates of birth, and test sample IDs from patients who took the COVID-19 test.
The data did not, however, contain any COVID-19 test results, Paul Bischoff of Comparitech wrote in a blog post.
Snapshot of Utah driving licence belonging to one of the patients (Source: Comparitech)
1 of 2
Your identity and privacy is at risk
The patients who were affect ..
Support the originator by clicking the read the rest link below.
