Data Breach at Drug Screening Lab
A configuration error has caused a prolonged data breach at a Florida County’s drug screening laboratory.
The security incident occurred at St. Lucie County’s Drug Screening Lab (SLC Lab), which supplies drug testing services for employment, court cases and other purposes.
In a statement released January 20 2022, County leaders said that a misconfiguration detected in the lab’s website portal had inadvertently made some of the portal users’ personal data accessible for more than four years.
“Upon learning of this issue, SLC Lab corrected the misconfiguration and immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of incidents,” said the officials.
“SLC Lab devoted considerable time and effort to determine what information may have been accessible to unauthorized users.”
A digital forensic investigation was launched to determine what data had been exposed by mistake.
The County said: “SLC Lab discovered on December 28 2021 that the website portal misconfiguration allowed for data to be accessible to certain portal users between June 2 2017 and October 13 2021.”
Data exposed in the incident included full names and one or more of the following: Social Security numbers, dates of birth and limited lab test type and result information.
“To date, SLC Lab is not aware of any reports of identity fraud or improper use of any information as a direct result of this incident,” said the County.
On January 20, the lab began notifying affected individuals of the security incident by letter and encouraging them to enroll in complimentary credit monitoring services. County leaders did not state how many residents of St. Lucie County may have had their data compromised.
St. Lucie County spokesman Erick Gill told WPTV that the mistake impacted no other data in the care of the county.
“SLC Lab is committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it,” said Gill.
He added: “SLC Lab continually evaluates and modifies its practices to enhance the security and privacy of the personal information it maintains.”
More Stories
Quishing Attacks Jump Tenfold, Attachment Payloads Halve
The figures come from Egress’s latest report, which also suggests secure email gateways lag behind tech advancements Read More
Russia’s Sandworm Upgraded to APT44 by Google’s Mandiant
Mandiant has confirmed that Sandworm is responsible for many cyber-attacks against Ukraine has close ties with a Russian hacktivist group...
New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads
Zscaler also confirmed MadMxShell uses DLL sideloading and DNS tunneling for C2 communication Read More
Change Healthcare data for sale on dark web as fallout from ransomware attack spirals out of control
February's crippling ransomware attack against Change Healthcare, which saw prescription orders delayed across the United States, continues to have serious...
3.5 million Omni Hotel guest details held to ransom by Daixin Team
The international hotel chain Omni Hotels & Resorts has confirmed that a cyber attack last month saw it shut down...
Police smash LabHost international fraud network, 37 arrested
Police have successfully infiltrated and disrupted the fraud platform "LabHost", used by more than 2,000 criminals to defraud victims worldwide....