Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.
An unprotected Elasticsearch server was found publicly exposing personally identifiable information belonging to nearly 90% of Panama citizens, a security researcher found last week.
Bob Diachenko, cyber threat intelligence director at Security Discovery, found the data sitting in a server, where it was publicly available and visible in any browser. The database held 3.4 million records containing detailed information on Panamanian citizens, labeled "patients," as well as 468,086 records labeled "test-patient." He reports the exposed information appears to be valid.
Given Panama's total population amounts to some 4.1 million people, he adds, the number of exposed records (including test-patient) would indicate compromise for 90% of citizens.
The compromised records contained the following: full names, birth dates, national ID numbers, medical insurance numbers, phone numbers, email and physical addresses, and other data. Diachenko alerted CERT Panama, which secured the databased with 48 hours, he says. It's unclear which business or government institution owns the poorly secured server.
Read more details here.
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024