"Indiana Contact Tracing Data Breached"

It has been discovered that nearly 750,000 residents of Indiana have been impacted by the data breach involving responses collected via the Hoosier State's COVID-19 online contact tracing survey.  An unnamed vulnerability-hunting company discovered a software misconfiguration that left information exposed to the public. The company informed state officials of the breach on July 2 after they were able to access and download the data. Information that was compromised in the incident included names, addresses, email addresses, gender, race, ethnicity, and dates of birth.   The Indiana Office of Technology and the Indiana Department of Health (IDOH) stated that immediate steps were taken to correct the misconfiguration and re-secure the records that had been accessed. The company that discovered the breach returned the sensitive data on August 4 and signed a certificate of destruction to confirm that the information had been permanently deleted.  The state health commissioner believes that the risk to Hoosiers whose information was accessed is low.  Affected Indiana residents will receive data breach notification letters and will be provided with one year of free credit monitoring.

Infosecurity reports: "Indiana Contact Tracing Data Breached"