Whistleblowing security researchers deny ‘inappropriate access’ to Indiana Covid-19 survey data

Author

Original post of this article

Whistleblowing security researchers deny ‘inappropriate access’ to Indiana Covid-19 survey data

Midwestern state in data leak drama

security researchersSecurity researchers deny inappropriate access to Indiana Covid-19 survey data

A security vendor has disputed claims that it improperly accessed personal data collected through the US state of Indiana’s Covid-19 contact tracing survey.

In a statement issued on Tuesday (August 17), the Indiana Department of Health said it was notifying nearly 750,000 citizens that data to the survey was “improperly accessed”.

The exposed information included name, address, email, gender, ethnicity, and date of birth, but it did not include medical information or sensitive financial information, according to state officials.

Read more of the latest data leak news

“We believe the risk to Hoosiers whose information was accessed is low,” said State Health Commissioner Kris Box.

“We do not collect Social Security information as a part of our contact tracing program, and no medical information was obtained.”

Box added: “We will provide appropriate protections for anyone impacted.”

Publicly accessible

Citizens are being offered a year’s complimentary credit monitoring services, while techies in Indiana have corrected a “software configuration issue” that resulted in the inadvertent data leak.

Although not named in its official statement, a spokesperson for Indiana told the Associated Press that cybersecurity firm UpGuard was responsible for the “inappropriate access”.

RELATED Snake oil Covid-19 treatment sites seized by US authorities

UpGuard criticized Indiana’s statement, telling the AP that the data was left publicly accessible on the internet.

The Daily Swig approached Indiana for comment on the exact cause of the breach, as well as its response to UpGuard’s version of events. We also invited UpGuard to comment.

This story will be updated as and when more information comes to hand.

RELATED Florida woman ‘damaged computers, deleted crucial business data’ after she was fired

More
articles