Indiana says risk to users whose COVID-19 contact tracing data was accessed is low


Contact tracing was first introduced towards the start of the COVID-19 pandemic, and users can choose to participate or not. Apple and Google both have contact tracing apps on their devices which can be turned on or off.

Estimated reading time: 2 minutes

The State of Indiana, like many other states, has been running its own contact tracing program with a group of 750K participants. According to the Associated Press, the data of these participants was accessed by a third party. But Indiana officials say that the risk to the participants remains very low.

The story is a bit confusing and amounts to a pointing fingers scenario. Officials have stated that the participants’ data, including names, addresses, dates of birth, emails, and data on gender, ethnicity, and race, was “improperly accessed.” According to state officials, the program doesn’t collect social security data or medical data.

We know that one company gained access to the contact tracing data, and officials would not name them. But according to the AP, the company in question is UpGuard, a cybersecurity company based in California. According to an UpGuard spokesperson, Indiana’s press release regarding the matter contained several “falsehoods.”

“For one, our company did not `improperly access’ the data. The data was left publicly accessible on the internet. This is known as a data leak,” she said. “It was not unauthorized because the data was configured to allow access to anonymous users, and we accessed it as an anonymous user.”

Rethmeyer added that UpGuard “discovered this leaked information in the course of our research and notified the Indiana Department of Health since they were unaware of the leak.” 

She added that the company “aided in securing the information, in turn ensuring that it would no longer be available to anyone with malicious intent.”

Associated Press

So this is where the two entities are in disagreement. Whatever happened, and whoever was at fault, the fact is contact tracing information was publicly accessible, and if a bad actor had gotten to it, that could have been very bad. For a more in-depth picture of this story, be sure to check out the AP’s article.

What do you think of this story? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network.

contact tracing in my coffee

Last Updated on October 6, 2021.

cybersecurity security breach data breach

The future of smartphones doesn’t include a charging brick

Simple tips for building a tech company for success


Latest Articles

Share via
Copy link
Powered by Social Snap