Security researcher Bob Diachenko discovered an unsecured server hosted by Utah-based company Premier Diagnostics on February 22, in which he found sensitive information pertaining to 50,000 customers. Diachenko currently works for consumer privacy watchdog Compairtech, which aims to promote data privacy through testing various services. Customer data located within the unsecured server includes scans of passports, health insurance ID cards, and driver’s licenses. The highly sensitive information could be abused by cybercriminals to commit identity theft or create highly convincing phishing attacks to steal financial information.
The affected consumers are largely from Utah, Nevada, and Colorado, according to researchers. Comparitech’s Paul Bischoff warned that the impacted data could be anywhere, potentially circulating the dark web or in the hands of a malicious actor. Premier Diagnosis currently operates 11 Covid-19 testing sites located across Utah. The information was likely that of Covid-19 testing patients, whose IDs are scanned and stored before the procedure. Premier Diagnostics has allegedly taken steps to secure the data since they were informed of the breach.
Read More: Utah Company Stored Passport Scans on Unsecured Server