"Data Leak Exposes Tens of Millions of Private Records From Corporations And Government Agencies"
According to researchers at UpGuard, dozens of major companies, state and federal agencies, and other organizations that misconfigured a setting in their Microsoft software inadvertently exposed millions of people's personal information to the public internet for months. The data leak, which affected American Airlines, Maryland's health department, and New York's Metropolitan Transportation Authority, among others, led to the exposure of at least 38 million records, including employee information as well as data related to Covid-19 vaccinations, contact tracing, and testing appointments. After UpGuard privately notified Microsoft and the affected organizations, the leaks were plugged, and the ability to access the information was removed. While the information was unsecured, names, Social Security numbers, phone numbers, dates of birth, demographic information, addresses, and even dates of employer drug tests and union membership data were available to anyone with the know-how and inclination to look, stated the researchers. In the case of Ford Motor Co., UpGuard said, lists of loaner vehicles distributed to dealerships had also been exposed.