"Thousands Of Students' Personal Information Exposed by A Medical School"

A recent report from vpnMentor revealed the exposure of personally identifiable information (PII) belonging to thousands of medical school students in the US due to an unprotected Amazon S3 bucket. The server was found to lack security restrictions, thus leaving it open to the public. It contained 157 GB of data, with nearly 200,000 files. The server's owner was identified as the LA-based firm Phlebotomy Training Specialists, which provides phlebotomy certification and training to locations including Arizona, Michigan, Texas, Utah, California, and more. According to vpnMentor, the stored documents were backed up from September 2020, although some of them were produced before then. The insecure bucket contained copies of ID cards, dates of birth, student photographs, home addresses, and other forms of PII. In addition, the researchers found more than 27,000 tracking forms, some of which had student transcripts, images of training certificates, and the last four digits of Social Security numbers. This article continues to discuss the discovery of exposed personal data of thousands of medical students and the response to the researchers' findings.  

Cyber Intel Mag reports "Thousands Of Students' Personal Information Exposed by A Medical School"