The personal details and vaccination status of up to one million people was left exposed in a HSE cyber lapse. A problem with the HSE’s Covid vaccination portal left the data of up to one million people vulnerable, a security researcher said. The data at risk included the full names, vaccination status and type of vaccination people received.
The issue was discovered in December 2021 by Aaron Costello, security researcher and principal software-as-a-service security engineer at cyber security company AppOmni. Mr Costello said the issue was due to a “misconfiguration” in the portal. That granted registered users excessive permissions, potentially granting access to sensitive personal identifiable information and the protected health information of other registrants, as well as internal HSE documents. He said he reported the issue to the HSE in mid-December 2021, with the organisation confirming the problem within a few days. Information provided to the researcher indicated the misconfiguration was resolved shortly afte