COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate
Earlier this week, the Indiana Department of Health issued a notice explaining that the state’s Covid-19 contact tracing system had been compromised. The breach occurred due to a cloud misconfiguration and revealed the names, emails, gender, ethnicity, race, and dates of birth of more than 750,000 users. The incident occurred amid rising Covid-19 vaccine fraud, demonstrating that cybercriminals are still leveraging the pandemic for financial gain and to conduct illegal activities. The data exposed in the Indiana Department of Health incident could be misused, according to experts.
State Health Commissioner Kris Box stated that the department believes the risk that the information was accessed is low, however, and stressed that no medical information or Social Security numbers were obtained. Box also stated that the department plans to offer appropriate protections to anyone impacted by the incident. Cybersecurity company UpGuard was the first to access the information after researchers uncovered a misconfigured API that was unsecured and publicly visible. The company then alerted Indiana officials.