Data Breach at Drug Screening Lab
A configuration error has caused a prolonged data breach at a Florida County’s drug screening laboratory.
The security incident occurred at St. Lucie County’s Drug Screening Lab (SLC Lab), which supplies drug testing services for employment, court cases and other purposes.
In a statement released January 20 2022, County leaders said that a misconfiguration detected in the lab’s website portal had inadvertently made some of the portal users’ personal data accessible for more than four years.
“Upon learning of this issue, SLC Lab corrected the misconfiguration and immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of incidents,” said the officials.
“SLC Lab devoted considerable time and effort to determine what information may have been accessible to unauthorized users.”
A digital forensic investigation was launched to determine what data had been exposed by mistake.
The County said: “SLC Lab discovered on December 28 2021 that the website portal misconfiguration allowed for data to be accessible to certain portal users between June 2 2017 and October 13 2021.”
Data exposed in the incident included full names and one or more of the following: Social Security numbers, dates of birth and limited lab test type and result information.
“To date, SLC Lab is not aware of any reports of identity fraud or improper use of any information as a direct result of this incident,” said the County.
On January 20, the lab began notifying affected individuals of the security incident by letter and encouraging them to enroll in complimentary credit monitoring services. County leaders did not state how many residents of St. Lucie County may have had their data compromised.
St. Lucie County spokesman Erick Gill told WPTV that the mistake impacted no other data in the care of the county.
“SLC Lab is committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it,” said Gill.
He added: “SLC Lab continually evaluates and modifies its practices to enhance the security and privacy of the personal information it maintains.”
More Stories
Friday Squid Blogging: Squid Sticker
A sticker for your water bottle. Blog moderation policy. Read More
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
OpenAI must also initiate a six-month public awareness campaign across Italian media, explaining how it processes personal data for AI...
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers
The Security Service of Ukraine has accused Russian-linked actors of perpetrating a cyber-attack against the state registers of Ukraine Read...
LockBit Admins Tease a New Ransomware Version
The LockBitSupp persona said LockBit 4.0 will be launched in February 2025 Read More
Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns
The FBI has issued a warning about the Hiatus RAT malware targeting Xiongmai and Hikvision web cameras and DVRs, urging...
CISA Urges Encrypted Messaging After Salt Typhoon Hack
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging...