Indiana says cybersecurity company ‘improperly accessed’ COVID-19 data

The Indiana Department of Health is notifying 750,000 residents after a cybersecurity vendor, UpGuard, “improperly accessed” data from the state’s COVID-19 online contact tracing survey. However, UpGuard claims it discovered the data was publicly accessible and notified the health department. UpGuard has deleted the data and signed a certificate of destruction. This incident is not the first time COVID-19-related data has accidentally gone public. The incident highlights the risk of software configuration errors and the potential for data breaches.