COVID Research Center in UK Shared Email Addresses of Study Participants in Data Breach
Lakeside Healthcare Research sent a mass email to all participants in a Covid vaccine trial taking place in Corby, UK, inadvertently revealing the emails of all test subjects in the process.
When most people hear the term “data breach,” they imagine hackers tirelessly working to compromise some server in the cloud, breaching layer upon layer of security to steal sensitive user or company data to sell on the black market.
The truth, though, is that some data breaches have much simpler explanations. In many cases, someone forgets to lock a database, and its contents become available online. And sometimes, people publicly share confidential information through emails and other channels.
This is exactly what happened when Lakeside Healthcare Research decided to send an email to all the COVID study participants and forgot to hide their email addresses.
“Regrettably an email was sent out to participants of a vaccination project being run by the Lakeside Research Team, based in Corby, with all email addresses visible, rather than blind carbon copied, as is the required and normal method,” Dr. Amardeep Heer told the Northamptonshire Telegraph.
“The Research Team, which is a separate entity to the Lakeside Surgery, took immediate action, apologizing to participants and asking them to delete the original email,” he said.
The team was quick to take back the email, but that’s only possible when the email hasn’t been opened yet. The authorities have been notified and informed about the data breach, and the people affected have been contacted.
Email addresses fall under the category of personal identifiable information (PII), as they allow anyone to find more about the person who owns the address quickly.