Credit: Pixabay/CC0 Public Domain
Indiana health officials said Tuesday they are notifying nearly 750,000 state residents that a cybersecurity company "improperly accessed" their personal data from the state's online COVID-19 contact tracing survey—a description the company disputed as a "falsehood."
The Indiana Department of Health said the state was notified July 2 that a company gained "unauthorized access" to data, including names, addresses, dates of birth, emails, and data on gender, ethnicity and race.
The nearly 750,000 people whose data was accessed represent all of the state's participants in its online COVID-19 contact tracing survey, said agency spokeswoman Megan Wade-Taxter.
State Health Commissioner Kris Box said the state health department does not collect Social Security information for its COVID-19 contact tracing program, and no medical information was obtained.
"We believe the risk to Hoosiers whose information was accessed is low," Box said in a news release.
State officials did not identify the company involved in their news release, but Wade-Taxter said the company was UpGuard, a cybersecurity company based in Mountain View, California.
UpGuard spokeswoman Kelly Rethmeyer said in statement Tuesday that Indiana's news release describing the data access incident includes "many falsehoods."
"For one, our company did not `improperly access' the data. The data was left publicly accessible on the internet. This is known as a data leak," she said. "It was not unauthorized because the data was configured to allow access to anonymous users and we accessed it as an anonymous user."
Rethmeyer added that Up ..
Support the originator by clicking the read the rest link below.
