The State of Indiana Is Notifying 750,000 Residents of a Data Breach

  • Indiana’s COVID-19 tracing system has suffered a data breach that may have actually been a leak.
  • The state officials point the finger at a cybersecurity company that accessed the data of 750,000 Americans.
  • The firm responded by saying they merely reported a case of an unprotected database to the owner.

The state of Indiana is sending out notices of a data breach to 750,000 residents who were participating in the state’s official COVID-19 contact tracing system, informing them that some of their personal data may have been improperly accessed. The Indiana Department of Health representative informed the public that they got to learn about the incident on July 2, 2021, but believe that the risk is low as the entity that gained unauthorized access was actually a cybersecurity firm.

The information that was available on the accessed systems include the following:

  • Full name
  • Physical address
  • Email address
  • Gender
  • Ethnicity
  • Race
  • Date of Birth

What can’t have been possibly compromised is people’s Social Security numbers and any medical information or histories, as these aren’t stored in the COVID-19 contact tracing platform even if provided by the users during registration. Anyone who is confirmed to have been affected by this incident will receive a personal notification containing instructions on how to enroll for a cost-free credit monitoring service through Experian.

The weird part in the story is that the cybersecurity company accused of accessing the data without authorization is UpGuard, which responded to this news expressing their surprise with how the state of Indiana chooses to present the situation. As they say, the organization responsible for protecting the citizen data failed to secure their online-facing database, so the blunder was theirs. UpGuard states that they actually reported their finding to Indiana’s officials to help them secure the database from actually malicious access.

Moreover, UpGuard explains that they have wiped the copies they kept for security and reference and also signed a certificate of destruction. In any case, they were not planning to release that data to any other entity. The company finds the state’s stance weird and unfair towards their responsible disclosure, presenting them as infiltrators of public networks when the reality is, Indiana’s IT team left the database unprotected and publicly accessible.

REVIEW OVERVIEW

Latest

Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari