Microsoft Azure breach left thousands of customer records exposed

Another day, another company failing to secure sensitive customer data held in the cloud.

It has been discovered that UK-based app developer Probase exposed information – including medical records, recruitment data, occupational health assessments, insurance claim documents and more – via an unsecured cloud database.

The news was first broken by The Register, which was tipped off by cybersecurity researcher Oliver Hough. The publication, investigating the matter, found that 587,000 files were left in an unprotected Azure blob.

Any malicious actors that knew where to look would have been able to find and access the database with ease, it was said.

In a brief statement, Probase has acknowledged the incident. “We are working closely with the Information Commissioner’s Office at present and advise we have no further comment at all,” said Paul Brown, a company director.

The firm has since closed off the access to the database and has begun to notify affected customers. It is unknown for how long the database was sitting unprotected, but The Register did say that some of the files in there were seven years old.

Source link