Medvet, a South Australian state-owned drug, alcohol and DNA testing company, exposed the records of over 800 of its customers by allowing them to be indexed in Google.
The security breach was discovered and reported by The Australian, according to which the health ministry was not notified in a timely manner despite having a representative on the company's board.
The newspaper reported the issue to Medvet on Friday and ran its story on Saturday. Medvet's administration allegedly alerted the board on Friday evening, but SA health officials learned of the breach from the news.
The exposed records belong to customers who ordered drug test kits using the company's website. Medvet apologized for the incident.
"It appears that there’s been some issue … that’s occurred with the software between Google and some software that’s being used by the company to register requests for drug tests," Medvet CEO David Swan said.
He also noted that he asked the board to conduct an independent investigation to determine the circumstances that led up to this situation.
The company has yet to notify customers individually of what happened. According to The Register, Australian Privacy Foundation’s health chair Juanita Fernando said that litigation is inevitable.
Cases of sensitive information ending up in Google's cache are not new. In the past there were even incidents in which credit card numbers were exposed in this manner.
Just recently, Russian mobile telecommunications giant MegaFon exposed people's private SMS messages after failing to protect a section of its website. The messages were available in a directory that was missing the robots.txt file used to control search engine crawlers.
But even if such files are missing, this kind of sensitive data should never be stored in a publicly accessible directory where it can be reached by search robots in the first place.