A Utah firm has exposed the delicate information and facts of a lot more than 50,000 customers by storing details on an unsecured server.
The breach at Premier Diagnostics was found on February 22 by cybersecurity expert Bob Diachenko at client privacy watchdog Comparitech. Delicate client information stored in a publicly accessible database bundled scans of passports, health insurance ID playing cards, and driver’s licenses.
Scientists discovered that the data of all over 52,000 prospects may possibly have been impacted in the security incident. Centered on the info found by researchers, affected folks are mainly from Utah, Nevada, and Colorado.
“This data could be in anyone’s palms now,” stated Comparitech’s Paul Bischoff. “So, your ID and your health care card are most likely somewhere on the dark web.”
Premier Diagnostics, which is based in Lehi, operates 11 COVID-19 tests web-sites scattered across the northern area of the Beehive Point out. Prior to testing can just take area, an individual who suspects that they have been contaminated with the novel coronavirus will have to deliver a type of ID, which is then photographed and saved.
“They get a photograph of your ID, the entrance and back again of your ID and the front and back again of your health care coverage card,” mentioned Bischoff. “They had saved all that details on a server that was publicly available on the internet without having a password.”
Soon after currently being alerted to the security breach, Premier Diagnostics took techniques to safe the facts, which has been unavailable to the community due to the fact March 1.
“We will not know for absolutely sure that any destructive functions acquired to it, but we have run honeypot experiments in advance of exactly where we see exercise on that form of unsecured information inside a issue of hours,” mentioned Bischoff.
He extra that by employing machines that scans for unsecured databases, cyber-criminals could have simply accessed and exfiltrated the info.
“It is really low-hanging fruit it truly is actually straightforward,” stated Bischoff. “They use the very same tools that we do, that we use to find the databases in the first location, they use the same instruments to come across it and steal it.”
In full, extra than 200k images of ID scans ended up uncovered in the details breach. On the other hand, no payment details was saved in the unsecured databases.
Some parts of this short article are sourced from: