UChicago Medicine Exposed Over 1 Million Records Of Potential Donors

  •  
  •  
  •  
  • 7
  •  
  •  
  •  
    7
    Shares

Continuing on the trail of data leakages through unsecured databases, now joins The University of Chicago Medicine. UChicago Medicine exposed over a million records publicly, which included personal data of their potential donors.

UChicago Medicine Exposed Data Publicly

The researcher Bob Diachenko of Security Discovery spotted another incidence of data leakage through the open database. This database belonging to UChicago Medicine exposed huge records having details of the university’s donors.

Elaborating on his findings in his blog post, Diachenko stated that he noticed the publicly accessible Elasticsearch instance leaking data. Upon digging further into the matter, he noticed that the database belonged to The University of Chicago Medicine. The exposed records allegedly included information of the ‘leads’ and current and previous donors for the entity.

Specifically the 34GB database entitled ‘data-ucmbsd2’ exposed as many as 1,679,993 records. Regarding the kind of information leaked, it included names, birth dates, gender, contact numbers, residential addresses, email addresses, marital status, income information with current status, and communication notes.

The researcher stated that anyone looking for open databases could have easily found this one indexed with Shodan.

University Fixed The Matter

After discovering the publicly open Elasticsearch instance and completing the investigation, the researcher could quickly establish its link with UChicago Medicine. He then informed the institution regarding the incident. Following his report, the institution secured the database within 48 hours of the notification. They also provided the following statement to the researcher.

Thank you for bringing this to our attention in a way that allowed us to secure the affected database, prevent unauthorized use or disclosure, and protect our systems and information. As we learn more from our ongoing investigation, we will comply with our responsibilities under all applicable laws and regulations.

UChicago Medicine was fortunate to secure the database due to Diachenko’s report.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!