EU Covid-19 testing platform exposes database with 11.8m patient records

The COVID-19 testing platform, Coronalab.eu, has reportedly exposed a database containing 11.8 million patient records, including COVID-19 certificates, test records, passport numbers, and other sensitive details. The platform, based in the Netherlands, left a misconfigured Google Cloud Storage bucket with 1.7 million files, covering 11.7 million records on individuals from 44 countries. Researchers found a significant number of exposed files containing sensitive and personally identifiable user data such as names, nationality, dates of birth, passport numbers, COVID test results, email addresses, and phone numbers. The leaked data is believed to mostly belong to Dutch nationals, with a significant percentage coming from the Netherlands. The researchers also pointed out that the leak of coronavirus test results indicated a breach of confidentiality and a failure to safeguard sensitive medical information. They advised the platform operators to review access controls, consider encryption, and implement security best practices to prevent similar issues in the future.