Exploit: Misconfiguration
Indiana Department of Health: State Agency
Risk to Business: 1.723 = Severe
The Indiana Department of Health has disclosed that data from the state’s COVID-19 online contact tracing survey was improperly accessed in a database misconfiguration incident after a company looking to form a security-based business relationship with the agency accessed it and informed the Department of the mistake. The agency and the company involved signed an agreement noting that the data had not been copied or downloaded. The misconfiguration issue has been corrected according to the agency.
Risk to Individual: 1.571 = Severe
The data included the name, address, email, gender, ethnicity and race, and birthday of nearly 750,000 Hoosiers, according to IDOH. The agency will send letters notifying those affected by the breach and extend an offer for one year of free credit monitoring with Experian.
Customers Impacted: 750,000
How It Could Affect Your Customers’ Business Government targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.
Source: Wowo