The personal information of over one million Irish citizens was exposed by the HSE due to a misconfigured Covid-19 vaccination portal. Cybersecurity researcher Aaron Costello discovered the issue in December 2021 and informed the HSE, who resolved the problem. The HSE confirmed that no unauthorized individuals with malicious intent accessed the information. The portal allowed users to access sensitive personal data and internal HSE documents due to profile permission settings. The HSE stated that the misconfiguration was promptly fixed and that detailed logs would have shown if any data was accessed. The HSE did not report a personal data breach to the Data Protection Commission.
Source link