Covid test lab leaks details of over a million patients online

Image Credit: Pixabay (Image credit: Pixabay)

A leaked Covid-19 testing database which contains the personal details of an estimated 1.3 million people has been discovered online by a top security researcher.

The database, operated by Coronalab.eu which is owned by Microbe & Lab, an ISO-certified lab based in Amsterdam, Netherlands, was found without password protection and the documents within were all marked with the name and logo of the database owner.

Data leakage, identity theft, and potentially much more

Inside the database, the full names, dates of birth and passport numbers of over a million people were discovered. The owner of the database, Microbe & Lab, is an ISO-certified lab based in Amsterdam, Netherlands.

The email addresses, test results, prices and locations of many other tests were also found within QR codes and .csv files. This information would be an absolute goldmine for a malicious actor, who could utilise the data to launch highly sophisticated Covid-19 related phishing attacks, commit fraud, or sell the data on.

Positive test certificate from the CoronaLabs database — A positive test certification from the CoronaLabs database with the patients full name, data of birth, and passport number. (Image credit: Jeremiah Fowler - vpnMentor)

Fowler noted in the research that it is not known who else had access to the data before it was discovered to be vulnerable, or how long it had been open to access, stating that, “only an internal forensic audit would identify if others may have accessed the database or performed any other suspicious activity. It is also unclear if customers, patients, or the authorities have been notified of the data incident.”

Fowler also pointed out that the improper storage of patient data is not only a risk to patient privacy, especially when the data is related to Covid testing but, “could also affect how patients view public healthcare providers and how much they trust them to safeguard their medical data.”

Covid is still relatively fresh in the minds of much of the world and medical researchers are still grappling with the potential long-term conditions such as ‘long Covid’. Fowler points out that the exposure of individual test results could have longer term ramifications due to the obscurity of the long term effects of the virus.

Due to the sensitivity of patient data, the Biden administration is seeking to introduce a new policy stating that medical providers must ensure that they follow the best security practices in order to secure funding.

More from TechRadar Pro

Take a look at our guide to the best cloud storage services
EU ministers urged to defend citizens' right to data privacy
One of the biggest data leaks ever has just been revealed - here's what to do if you've been hit

Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.

Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.