Data Breach at Drug Screening Lab
A configuration error has caused a prolonged data breach at a Florida County’s drug screening laboratory.
The security incident occurred at St. Lucie County’s Drug Screening Lab (SLC Lab), which supplies drug testing services for employment, court cases and other purposes.
In a statement released January 20 2022, County leaders said that a misconfiguration detected in the lab’s website portal had inadvertently made some of the portal users’ personal data accessible for more than four years.
“Upon learning of this issue, SLC Lab corrected the misconfiguration and immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of incidents,” said the officials.
“SLC Lab devoted considerable time and effort to determine what information may have been accessible to unauthorized users.”
A digital forensic investigation was launched to determine what data had been exposed by mistake.
The County said: “SLC Lab discovered on December 28 2021 that the website portal misconfiguration allowed for data to be accessible to certain portal users between June 2 2017 and October 13 2021.”
Data exposed in the incident included full names and one or more of the following: Social Security numbers, dates of birth and limited lab test type and result information.
“To date, SLC Lab is not aware of any reports of identity fraud or improper use of any information as a direct result of this incident,” said the County.
On January 20, the lab began notifying affected individuals of the security incident by letter and encouraging them to enroll in complimentary credit monitoring services. County leaders did not state how many residents of St. Lucie County may have had their data compromised.
St. Lucie County spokesman Erick Gill told WPTV that the mistake impacted no other data in the care of the county.
“SLC Lab is committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it,” said Gill.
He added: “SLC Lab continually evaluates and modifies its practices to enhance the security and privacy of the personal information it maintains.”
More Stories
New MacStealer Targets Catalina, Newer MacOS Versions
The malware can extract information from documents, browser cookies and login information Read More
Can zero trust be saved?
Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for...
Part of Twitter source code leaked on GitHub
Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the...
Hacks at Pwn2Own Vancouver 2023
An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first...
France bans TikTok, all social media apps from government devices
The French government has banned TikTok and all other “recreational apps” from phones issued to its employees. The Minister of...
How often should security audits be?
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of...