Exactly 18,105 Coronavirus patients registered in Public Health Wales in the United Kingdom got their data exposed on the internet on Aug. 30. Their names, dates of birth, gender, and even location were all accessible online for about 20 hours before it was officially taken down-- it was only announced on Monday, Sept. 14 by the health agency. Here's why it happened.
Wales accidentally leaks COVID data
Due to a staff that got his fingers in the wrong key in the computer, over 18,000 private data of positive COVID-19 patients were leaked online.
On Monday, Sept. 14, the UK's Public Health Wales announced the bad news on their Twitter page.
We regret to announce that there has been a data breach involving the personally identifiable data of Welsh residents who have tested positive for COVID-19. Anyone concerned and wanting advice should read the FAQs: https://t.co/Q9AjI6NfnW pic.twitter.com/d2k4e5bVAw — Public Health Wales (@PublicHealthW) September 14, 2020
According to the health agency's official statement, there were no specific hack attacks that occurred during the data breach. One of their staff was supposedly sending the private records to a private page of the site.
However, due to the wrong button pressed in a different dashboard, the info was accidentally sent to the public server.
Public Health Wales said that the post was only retrieved over the next day, Tuesday, Sept. 15.
Meaning, the post was available by anyone online for 20 hours and was also viewed by unknown people up to 56 times.
What is the info on the leaked data?
The data includes each patients' "initials, date of birth, geographical area, and gender."
The agency also clarified that-- though the site was opened for almost a day-- there were no reported cases or evidence proving someone misused the data, calling the risk of identification as low.
Those patients that were identified COVID-19 positive in between dates Feb. 27 and Aug. 30 were the ones that got victimized with the accidental data breach.
"We take our obligations to protect people's data extremely seriously, and I am sorry that on this occasion we failed," Tracey Cooper, Public Health Wales' chief executive, said in a statement. "I would like to reassure the public that we have in place very clear processes and policies on data protection."
Why did it take so long to retrieved?
Chief executive Tracey Cooper told BBC that the recent breach was so far one of the "biggest data breaches" and said that it should never happen in the first place.
Cooper said that the staff should be more alarmed about the breach and "have taken it down quicker."
However, according to her, the person who was first alerted with the breach on Aug. 30 did not follow the procedures when it comes to these scenarios.
This article is owned by Tech Times
Written by Jamie Pancho