A security flaw on a COVID-19 website run by the state government in West Bengal, India, potentially exposed the patient records of a majority of the 8.5 million individuals in the database, TechCrunch reports. A bug on the government's website allowed for patient identification numbers to be decoded and manipulated to provide access to any individual's results. Names, ages, genders and postal addresses were included in each file, along with the test results. The database was taken offline in February after the flaw was identified.
4 March 2021
Millions of COVID-19 results potentially exposed by Indian government
Related stories
Notes from the IAPP Europe: EDPB and EDPS 2024 annual reports, first DMA fines and difficulties keeping up with deadlines
GPS 2025: Collaboration, precision highlight future of US state privacy law enforcement
Notes from the Asia-Pacific region: Add your voice to the privacy, governance discussion
GPS 2025: How 3 AI regulators view cross-border cooperation
GPS 2025: European regulators reflect on pay or consent enforcement, concerns
