Weerada_Microsoft Data Breach Exposes 38M Records Containing PII
Brief description of the story
On May 24, 2021, an UpGuard analyst discovered that the Open Data Protocol (OData) API for an organization’s Power Apps portal contained an anonymously accessible list of data. The exposed PII included names, COVID-19 contact tracing information, vaccination appointments, Social Security numbers, employee IDs, and email addresses.
The impact and consequences of the data breach
Personally identifiable records were exposed, and the people they describe must be under threat from that information.
How the data breach occurs and the main cause of the data breach
Microsoft Power Apps is a cloud-hosted suite of services that allows organizations to create business intelligence applications. Power Apps portals allow both internal and external users to securely access data through a public website. Users can store data, create forms for users to enter data, and use APIs to retrieve data from other applications.
The service also allows users to enable OData APIs, which permit organizations to publicly display Power Apps lists. A design mishap left organizations that did not enable certain permissions vulnerable.
How to prevent this data breach attack
Limit access by anonymous users
Keep privacy for sensitive data like personal identification
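One way to act on the two prevention points above, as an added example that is not part of the original post and is not Microsoft's tooling: audit an inventory of portal lists and flag any that are published through the OData API while table permissions are not enabled. The inventory format, key names, keyword hints and sample rows are assumptions constructed for illustration.

```python
# Keyword hints taken from the PII types named in the case study.
PII_HINTS = ("name", "ssn", "social_security", "employee_id", "email",
             "vaccin", "contact_tracing")


def pii_columns(columns):
    """Return the columns whose names suggest personal data."""
    return [c for c in columns if any(h in c.lower() for h in PII_HINTS)]


def audit_lists(inventory):
    """Flag lists whose OData feed is on while table permissions are off."""
    findings = []
    for item in inventory:
        if not item["odata_feed_enabled"]:
            continue  # list is not published through the OData API
        if item["table_permissions_enabled"]:
            continue  # access to the list is governed by table permissions
        sensitive = pii_columns(item["columns"])
        findings.append({
            "list": item["list"],
            "severity": "high" if sensitive else "review",
            "pii_columns": sensitive,
        })
    # Stable sort: lists carrying PII are reported first.
    return sorted(findings, key=lambda f: f["severity"] != "high")


# Constructed sample inventory; key names are hypothetical, not schema names.
SAMPLE = [
    {"list": "Clinic locations", "odata_feed_enabled": True,
     "table_permissions_enabled": False,
     "columns": ["city", "opening_hours"]},
    {"list": "Vaccination appointments", "odata_feed_enabled": True,
     "table_permissions_enabled": False,
     "columns": ["full_name", "email", "appointment_date"]},
    {"list": "Employee roster", "odata_feed_enabled": True,
     "table_permissions_enabled": True,
     "columns": ["employee_id", "ssn"]},
    {"list": "Contact tracing cases", "odata_feed_enabled": False,
     "table_permissions_enabled": False,
     "columns": ["name", "phone"]},
]

if __name__ == "__main__":
    for finding in audit_lists(SAMPLE):
        print(finding["severity"], finding["list"], finding["pii_columns"])
```

Lists reported as "review" carry no column that matches a hint, so they still need a manual decision on whether anonymous access is intended.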