The FBI has allegedly launched an investigation into a data breach that released the personal information of COVID-19 patients in South Dakota. The breach took place in June as a result of misconfigurations within a third-party vendor’s database security settings. The Department of Health and law enforcement agencies share a secure database, however, a slip-up involving a third party vendor opened the information up to the public.
The database was used to assess law enforcement and medic’s risks of catching COVID-19 when at work and performing typical duties. The portal would allow first responders to find out if the address in which they were called too had a positive COVID-19 case. The data breach exposed information including infection status, dates of birth, addresses, names, and other PII. However, no Social Security numbers or financial data was compromised in the breach.