During the Covid-19 pandemic, data protection and privacy concerns took center stage as governments and organizations worldwide implemented various overreaching measures to control the spread of the virus. One of the most significant and controversial of these measures was the introduction of vaccine passports and health passes.
These digital certificates indicated an individual’s vaccination status and, in many cases, were required for access to public spaces, travel, and certain services. This move marked a drastic shift in the way personal health information was used and shared, raising serious concerns about data privacy and surveillance.
But aside from that, constant mandatory testing opened up new ways that people’s data could be collected and shared.
CoronaLab, one of the largest Dutch COVID-19 test providers, seemingly exposed a password-less database to the internet. A total of 1.3 million sets of coronavirus testing records were potentially compromised, but thus far, no party has claimed responsibility for the oversight. This database contained an alarming variety of vital personal information including patient names, passport numbers, email addresses, and other data.
According to The Register, the disappointing discovery of the data leak was made by Jeremiah Fowler, a credible source known for detecting breaches. Fowler found 118,441 test certificates, 660,173 testing samples, 506,663 appointment logs, and several internal files on the open internet, which, if sourced by a nefarious actor, could lead to significant privacy infringement. “Criminal[s] could potentially reference test dates, locations, or other insider information that only the patient and the laboratory would know,” Fowler commented.
Believed to be linked to CoronaLab, a subsidiary of the Amsterdam-based Microbe & Lab, the exposed database paints a troubling picture of negligence. CoronaLab is listed by the US Embassy in the Netherlands as a recommended commercial COVID-19 test provider.