A misconfigured database exposed 108.8 GB of sensitive data belonging to over 86,000 healthcare workers linked to ESHYFT, a HealthTech company operating in 29 states. The unprotected database contained highly sensitive information such as SSNs, ID scans, salary details, and medical reports, posing significant risks like identity theft and fraud. Cybersecurity researcher Jeremiah Fowler discovered the breach and alerted ESHYFT, but it took the company over a month to secure the data. Fowler indicated the database was not directly managed by ESHYFT, leaving questions about third-party responsibility and potential unauthorized access. To prevent such breaches, organizations must adopt stricter security practices, including encryption, multi-factor authentication, regular audits, data segregation, and clear breach response protocols. Continue here.
