"Utah Company Stored Passport Scans on Unsecured Server"
A Utah company called Premier Diagnostics has exposed the sensitive information of around 52,000 customers by storing data on an unsecured server. Security researchers at Compartiech found sensitive customer data stored in a publicly accessible database including scans of passports, health insurance ID cards, and driver's licenses. Based on researchers' data, individuals affected by the breach are primarily from Utah, Nevada, and Colorado. In total, more than 200k images of ID scans were exposed in the data breach. However, no payment information was stored in the unsecured database. Premier Diagnostics operates 11 COVID-19 testing sites scattered across the northern section of the Beehive State. Before testing can occur, an individual who suspects that they have been infected with the novel coronavirus must provide a form of ID, which is then photographed and stored. Premier Diagnostics takes a photo of the front and back of their customer's ID and the front and back of their customer's medical insurance card. The organization had stored all that data on a server that was publicly accessible online without a password. After being alerted to the security breach, Premier Diagnostics took steps to secure the data, which has been unavailable to the public since March 1. At the moment, it is unknown if any malicious parties have obtained the information, but it would have been easy for cybercriminals to access and exfiltrate the data.
Infosecurity reports: "Utah Company Stored Passport Scans on Unsecured Server"