Cybersecurity company flags Microsoft Power Apps data leak of 38M records

A cybersecurity company, UpGuard, discovered data leaks from multiple organizations due to default permissions on Microsoft Power Apps portals. The leaks compromised 38 million records across 47 affected organizations. Microsoft has addressed the issue by enabling table permissions by default and providing tools for self-diagnosis. The leaked data included personal information used for COVID-19 contact tracing, vaccination appointments, job applicant details, and employee IDs. UpGuard notified the organizations affected, including the Indiana Department of Health, which accused UpGuard of “inappropriately accessing” data from their COVID-19 contact-tracing survey.