An unprotected Elasticsearch server was found publicly exposing personally identifiable information belonging to nearly 90% of Panama citizens, a security researcher found last week.
Bob Diachenko, cyber threat intelligence director at Security Discovery, found the data sitting in a server, where it was publicly available and visible in any browser. The database held 3.4 million records containing detailed information on Panamanian citizens, labeled "patients," as well as 468,086 records labeled "test-patient." He reports the exposed information appears to be valid.
Given Panama's total population amounts to some 4.1 million people, he adds, the number of exposed records (including test-patient) would indicate compromise for 90% of citizens.
The compromised records contained the following: full names, birth dates, national ID numbers, medical insurance numbers, phone numbers, email and physical addresses, and other ..