Summary
- Jeremiah Fowler, a security researcher based in Ohio, discovered a database in July that contained the personal details of almost a million people.
- The data included medical records, mental health evaluations, ID images and Social Security numbers, and was accessible to anyone.
- After failing to alert the company to the error, the database was secured the following day.
- It is thought the data belonged to Ohio Medical Alliance LLC, a company that helps users obtain medical cannabis cards.
- Such errors are common, and centres on the issue of database configuration.
- To protect oneself, it is recommended that customers monitor their credit reports and bank accounts regularly.
By Lily Hay Newman, Matt Burgess
Original Article