Cybersecurity researcher Jeremiah Fowler discovered an unprotected database containing approximately 1.3 million records, including COVID-19 testing information and personally identifiable information (PII) such as names and passport numbers. The database was linked to Coronalab.eu, an online platform owned by Microbe & Lab, one of the largest COVID test providers in the Netherlands. After multiple attempts to contact the responsible party went unanswered, Fowler contacted the hosting provider to secure the data. The exposed records included test results, appointment details, and email addresses. Fowler suggests that organizations should review and secure stored data, as exposure of COVID test data combined with PII could compromise individuals’ privacy and medical information. The potential risks include breaches of personal and health information and potential future consequences related to health insurance rates and public trust in healthcare providers. The exposed passport details and QR codes also pose risks for identity theft and security breaches. Fowler emphasizes the need for data security, encryption, and clear record retention policies. It is unknown how long the data was exposed or if anyone else accessed it. The General Data Protection Regulation (GDPR) imposes strict requirements for the protection of medical data, and organizations must adhere to these regulations. Fowler’s intention is to raise awareness about cybersecurity best practices rather
https://www.vpnmentor.com/news/report-coronalab-breach/