A security breach on a website related to the Covid self-appointment service of the Community of Madrid managed by the company Indra has exposed the personal data of patients in that region. The company has cut the service of said website upon noticing the violation in the treatment of data.
The website in question was publicly accessible, when it should not be, without any type of restriction, according to sources in the cybersecurity sector. By simply manipulating a parameter, the DNI, you could have access to the personal information of the patients of the Community of Madrid, the same sources admit
Specifically, through this process, data such as name and surname, address, telephone number and even the social security number of the patients were accessible. This registry gives access to the medical history of each one of them.
Indra’s official sources acknowledge the existence of an “incident in the self-appointment program”, although they point out that “this program has been closed immediately, and it will remain so while said incident is being resolved”. From the technology company they admit that “there has been no repercussion or relevant incident or violation of any personal database.”
elEconomista has had access to the data derived from said violation, making the data of, among others, Mariano Rajoy, King Felipe VI and Pablo Iglesias visible, as can be seen in the attached screenshots.
Facebook Comments
Disqus