Exploit: Misconfiguration
Kings County California Public Health Department: Local Government Agency
Risk to Business: 2.711= Moderate
Kings County, California announced that the security flaw in its public webserver made limited information on COVID-19 cases available on the internet. The misconfiguration has been chalked up to a negligent third-party contractor. Discovered in mid-November 2021, officials say that the flaw was in place starting on February 15, 2021, and was corrected on December 6, 2021.
Individual Risk: 2.701= Moderate
In a statement, the county said that names, dates of birth, addresses, and COVID-related health information for county COVID-19 cases were among the data that was available to view. They’ve set up a dedicated call center to answer questions from the public.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Misconfiguration incidents due to employee or contractor negligence are just as expensive and damaging as cybercrime when regulators get finished with companies that have them.
Source: Portswigger