Thirty-eight million records from dozens of organizations, including COVID-19 contact tracing information, were exposed online earlier this year due to a misconfiguration in a Microsoft product, according to research published Monday.
Cybersecurity group UpGuard’s research team detailed in a report that it had notified 47 groups that their data had been exposed. These were government organizations including the Maryland Department of Health, New York City Schools, New York City Municipal Transportation Authority, and the government of the State of Indiana.
Data from private companies was also exposed, including from various other Microsoft groups, Ford, American Airlines, and J.B. Hunt. Data exposed included COVID-19 contact tracing, vaccination appointments, Social Security numbers, employee IDs, and other personal information on millions of individuals.