Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 7 July, 2026
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

38 million personal identifiable information exposed in Microsoft Power Apps data leak

by The Gurus
August 24, 2021
in Cyber Bites, News, Uncategorized
Data breach
Share on FacebookShare on Twitter

Researchers at cybersecurity vendor Upguard have discovered multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access – a new vector of data exposure. The types of data exposed varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses. UpGuard notified 47 entities of exposures involving personal information, including governmental bodies like Indiana, Maryland, and New York City, and private companies like American Airlines, J.B. Hunt, and Microsoft, for a total of 38 million records across all portals.

Instances of accidental data exposure have become an almost daily occurrence, and it’s important for all those who were potentially affected to take some preventative measures, such as changing passwords and enabling multifactor authentication wherever possible.

Commenting on the news, Natalie Page, threat intelligence analyst at Talion, said: “The personal data of 38 million citizens opens the flood gates for attackers looking to exploit and monetise from this incident. Accidental data exposure essentially provides attackers with electronic keys to criminal activity, the threats and consequences created by an incident of this size are significant. The type of data involved in the incident is the determining factor for what attack methods are available to an adversary. What is concerning with this particular case, is that it includes a vast number of various personally identifiable items, creating a wide scope of potential attack methods. Impersonation, fraud, account takeovers, spear-phishing and blackmail are just some of the methods made possible by this breach, and with details such as individual addresses also supplied, attacks have the potential to spill over into the real world.”

George Papamargaritis, MSS director at Obrela Security Industries, stressed the consequences of misconfiguring applications: “No one can be sure if this data was accessed by any intruders, and if it was, it would have provided them with a wealth of sensitive information which could be used in phishing and identity attacks. When organisations use cloud applications to store sensitive data, they must understand how to configure them properly so no data is put at risk. There have been multiple incidents in the past where cloud misconfigurations have led to data breaches, which have then led to costly fines for the organisation. No one wants to find themselves in this position, so understanding the rules around cloud configurations is essential.”

Lamar Bailey, senior director of security at Tripwire, also encouraged organisations to harden their systems to prevent the accidental exposure of data: “Misconfigurations like these are becoming all too common. Exposing sensitive data doesn’t require a sophisticated vulnerability, and the rapid growth of cloud-based data storage has exposed weaknesses in processes that leave data available to anyone. A misconfigured database on an internal network might not be noticed, and if noticed might not go public, but the stakes are higher when your data storage is directly connected to the Internet. Organizations should identify processes for securely configuring all systems, including cloud-based storage, like Elasticsearch and Amazon S3. Once a process is in place, the systems must be monitored for changes to their configurations because change detection (hardening) is key for securing your cloud infrastructure and preventing inadvertent exposure. These are solvable problems, and tools exist today to help.”

ShareTweet
Previous Post

The four As of identity-based security

Next Post

Cybersecurity Is the ‘Core National Security Challenge’ according to Biden at this week’s CEO Summit

Recent News

Huntress Signs Giacom to Widen UK MSP Access to Managed Detection and Response

Huntress Signs Giacom to Widen UK MSP Access to Managed Detection and Response

July 7, 2026
pentesting

Pentesting is dead. Long live pentesting.

July 3, 2026
AI Appreciation Day: Celebrating Progress, Embracing Responsibility

The industries being reimagined by AI

July 2, 2026
geopolitical cyber report

Iran-linked MuddyWater espionage campaign targets organisations across four continents

July 1, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol