Since July 2, the unsecured database of an Indian healthcare software provider has been leaking Covid antigen results paired with other personally identifiable information (PII) of 1.7 million citizens and foreign nationals online.
Security researcher Anurag Sen discovered the leaky server while scanning for misconfigured databases on Shodan. The researcher uncovered over 23 GB of PII, including medical records from individuals who traveled to or from India during the Covid-19 pandemic.
Exposed data includes:
- Full names, gender, date of birth and nationality
- Contact information including phone numbers and physical addresses
- Vote ID numbers, passport numbers and Aadhaar numbers
- Underlying medical conditions, Covid test results and vaccine details
The server remains exposed despite multiple attempts to contact the company.
Associated risks for victims
Although it remains unclear whether threat actors also gained access to the treasure trove of data found on the unsecured server, the sensitive nature of the user entries exposes unsuspecting users to targeted phishing attacks and identity theft that could lead to further exposure of data and financial losses.
Still, the researcher is protecting the identity of the company to ensure that malicious individuals won’t go after the data to hold it for ransom or trade it on dark web marketplaces.
Steps data breach victims can take to protect their finances and identity
It’s only a matter of time before your personal data is reported in a data breach or leaked on the dark web. To limit the chances of becoming just another data breach statistic or identity theft victim, always follow these steps:
- Change your passwords and enable two-factor authentication for all accounts that use the same login credentials as the breached platform
- Monitor your credit report and financial accounts
- Place a fraud alert on your credit report
- Consider a security freeze on your credit file
- Watch out for unsolicited emails, texts or phone calls that ask you to provide sensitive data or confirm financial data, especially if they are tied to a security incident
- Use a security solution to safeguard your device against malicious attacks and fraudulent links
Has your data been exposed in a data breach? Find out today with Bitdefender Digital Identity Protection, a dedicated privacy tool that keeps you on top of data breaches and leaks with 24/7 data breach monitoring and real-time alerts for privacy threats.
Consumers in the US can fend off identity theft and fraud by subscribing to our dedicated Identity Theft Protection service that offers real-time fraud, data breach and credit monitoring, SSN tracker and support of our #1-rated experts including insurance of up to $2 million.