In West Bengal, Covid-19 test results of people were made publicly accessible owing to a faulty online system implementation which contains personal information of the citizens.

Continue reading
In West Bengal, Covid 19 test results of people were made publicly accessible owing to faulty online system implementation. These reports also contained personal information of the citizens like age, date and time of sample testing, residence address, etc.
Security researcher, Sourajeet Majumder, made a surprising discovery of a government website revealing millions of COVID-19 test results as he noticed a text message sent to a Covid 19 test taker. The URL in the text message content, that finally led to the report, contained a base64-encoded report's ID number ("SRF ID"). COVID-19 test results of other patients could be accessed from this by decoding the base64-encoded report number into a simpler numeric form and constructing new sets of URLs. Thus, millions of test results of patients, along with their name, age, gender, address, details regarding the location of the testing lab, etc, could be accessed by an attacker.
The leak has been attributed to the Health and Welfare Department, Government of West Bengal, India. The department, after being informed of the test reports leak, took necessary actions, and the URLs that earlier led to the test results now returned a 404 (not found) message.
Acknowledging the leak, Dr. Sushant Roy, a government health official, in charge of the Covid-19 situation in North Bengal, agreed that test result data of patients should be confidential and only shared with the patients' family members. He assured that suitable actions would be taken to rectify the problem and prevent its recurrence.
However, this was not the first time an online leak of Covid 19 test results by numerous independent testing labs compromised the personal information of the patients thereby exposing them to the threat of cyberattacks. Heightened measures should be taken to safeguard the privacy of the test takers.
Polymarket's hack losses climb to $3.1M across 11 wallets as the platform faces a federal probe into deceptive marketing, even after pledging full refunds.