A configuration error has caused a prolonged data breach at a Florida County’s drug screening laboratory.
The security incident occurred at St. Lucie County’s Drug Screening Lab (SLC Lab), which supplies drug testing services for employment, court cases and other purposes.
In a statement released January 20 2022, County leaders said that a misconfiguration detected in the lab’s website portal had inadvertently made some of the portal users’ personal data accessible for more than four years.
“Upon learning of this issue, SLC Lab corrected the misconfiguration and immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of incidents,” said the officials.
“SLC Lab devoted considerable time and effort to determine what information may have been accessible to unauthorized users.”
A digital forensic investigation was launched to determine what data had been exposed by mistake.
The County said: “SLC Lab discovered on December 28 2021 that the website portal misconfiguration allowed for data to be accessible to certain portal users between June 2 2017 and October 13 2021.”
Data exposed in the incident included full names and one or more of the following: Social Security numbers, dates of birth and limited lab test type and result information.
“To date, SLC Lab is not aware of any reports of identity fraud or improper use of any information as a direct result of this incident,” said the County.
On January 20, the lab began notifying affected individuals of the security incident by letter and encouraging them to enroll in complimentary credit monitoring services. County leaders did not state how many residents of St. Lucie County may have had their data compromised.
St. Lucie County spokesman Erick Gill told WPTV that the mistake impacted no other data in the care of the county.
“SLC Lab is committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it,” said Gill.
He added: “SLC Lab continually evaluates and modifies its practices to enhance the security and privacy of the personal information it maintains.”
