The State of Indiana Is Notifying 750,000 Residents of a Data Breach

  • Indiana’s COVID-19 tracing system has suffered a data breach that may have actually been a leak.
  • The state officials point the finger at a cybersecurity company that accessed the data of 750,000 Americans.
  • The firm responded by saying they merely reported a case of an unprotected database to the owner.

The state of Indiana is sending out notices of a data breach to 750,000 residents who were participating in the state’s official COVID-19 contact tracing system, informing them that some of their personal data may have been improperly accessed. The Indiana Department of Health representative informed the public that they got to learn about the incident on July 2, 2021, but believe that the risk is low as the entity that gained unauthorized access was actually a cybersecurity firm.

The information that was available on the accessed systems include the following:

  • Full name
  • Physical address
  • Email address
  • Gender
  • Ethnicity
  • Race
  • Date of Birth

What can’t have been possibly compromised is people’s Social Security numbers and any medical information or histories, as these aren’t stored in the COVID-19 contact tracing platform even if provided by the users during registration. Anyone who is confirmed to have been affected by this incident will receive a personal notification containing instructions on how to enroll for a cost-free credit monitoring service through Experian.

The weird part in the story is that the cybersecurity company accused of accessing the data without authorization is UpGuard, which responded to this news expressing their surprise with how the state of Indiana chooses to present the situation. As they say, the organization responsible for protecting the citizen data failed to secure their online-facing database, so the blunder was theirs. UpGuard states that they actually reported their finding to Indiana’s officials to help them secure the database from actually malicious access.

Moreover, UpGuard explains that they have wiped the copies they kept for security and reference and also signed a certificate of destruction. In any case, they were not planning to release that data to any other entity. The company finds the state’s stance weird and unfair towards their responsible disclosure, presenting them as infiltrators of public networks when the reality is, Indiana’s IT team left the database unprotected and publicly accessible.

How to Watch Tribunal Justice Online Free from Anywhere
Get ready to be dazzled and entertained this month as Tribunal Justice, a captivating court show, is about to make its highly...
How to Watch The Crowded Room Online Free on Apple TV Plus from Anywhere
Psychological thrillers have an uncanny ability to tug at the emotional strings of fans, delving into the depths of the human psyche...
How to Watch Belle Collective Season 3 Online from Anywhere
If you appreciate strong, fearless women who aren't afraid to speak their minds, you'll not want to miss Belle Collective Season 3,...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari