Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

CISA confirms that hackers are actively taking advantage of the critical “Citrix Bleed 2” bug

July 11, 2025

Bitcoin surpasses $118K at the second highest high in 24 hours

July 11, 2025

AI chatbot's simple “123456” password was at risk of revealing personal data from millions of McDonald's job seekers

July 11, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    Belkin will no longer support most WEMO devices and their WEMO apps

    July 10, 2025

    Mockly has actually created a fake DM generator that is user-friendly

    July 10, 2025

    YouTube removes its trending pages and now trend list

    July 10, 2025

    As X loses CEO, daily use is decreasing and competition is growing

    July 10, 2025

    Google adds inter-image generation capabilities to VEO 3

    July 10, 2025
  • Crypto

    Bitcoin surpasses $118K at the second highest high in 24 hours

    July 11, 2025

    Vitalik Buterin reserves for Sam Altman's global project

    June 28, 2025

    Calci will close a $185 million round as rival Polymeruk reportedly seeks $200 million

    June 25, 2025

    Stablecoin Evangelist: Katie Haun's Battle of Digital Dollars

    June 22, 2025

    Hackers steal and destroy millions of Iran's biggest crypto exchanges

    June 18, 2025
  • Security

    CISA confirms that hackers are actively taking advantage of the critical “Citrix Bleed 2” bug

    July 11, 2025

    AI chatbot's simple “123456” password was at risk of revealing personal data from millions of McDonald's job seekers

    July 11, 2025

    French police arrest Russian basketball player accused of ransomware: Report

    July 10, 2025

    Authorities arrest four hackers related to UK retail hacking

    July 10, 2025

    Jack Dorsey says his “safe” new bitchat app hasn't been tested for security

    July 9, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    All stages in Boston and 4 days until lowest ticket prices disappear

    July 11, 2025

    Learn how to raise seed rounds from top VCS in 2025

    July 10, 2025

    Save up to $475 for 5 days to all stages before prices rise

    July 10, 2025

    David George on the Future to be released in 2025

    July 9, 2025

    Edo Liberty explores missed links for Enterprise AI in 2025

    July 9, 2025
TechBrunchTechBrunch

It took two years for coronavirus vaccination records to be made public due to a bug on the Irish government website

TechBrunchBy TechBrunchMarch 14, 20243 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


Two years ago, the Irish government fixed a vulnerability in the country's coronavirus vaccination portal that exposed the vaccination records of around 1 million residents. However, details of the vulnerability were not disclosed until this week after public coordination attempts with government agencies ended in a deadlock.

Security researcher Aaron Costello was interviewed by the Irish Health Service Executive (HSE) in December 2021, one year after mass vaccination against coronavirus disease (COVID-19) began in Ireland. The company said it had discovered a vulnerability in its new coronavirus vaccination portal.

Costello, who has deep expertise in securing Salesforce systems, currently works as a principal security engineer at AppOmni, a security startup with commercial interests in securing cloud systems.

In a blog post shared with TechCrunch ahead of publication, Mr Costello said a vulnerability in the vaccination portal built on Salesforce's health cloud could cause members of the public registered on the HSE vaccination portal to It said it could potentially access the health information of registered users. .

Mr Costello said the vaccine administration records for more than one million Irish residents included data such as name, vaccination details (including reasons for administering or refusing the vaccine), type of vaccination, and other information. He said that people can also access it. We also discovered that the HSE's internal documents were accessible to any user through the portal.

“Thankfully, the ability to see details of everyone's vaccination administration was not immediately obvious to regular users using the portal as intended,” Costello wrote.

The good news is that no one other than Costello discovered the bug, and a statement given to TechCrunch says the HSE has provided detailed information showing that “there was no unauthorized access or viewing of this data.” Access logs were kept.

“We fixed the misconfiguration the same day we were alerted,” HSE spokesperson Elizabeth Fraser said in a statement to TechCrunch when asked about the vulnerability.

“We consider that the data accessed by this individual is not sufficient to identify him unless additional data fields are exposed, and that in these circumstances a personal data breach report to the Data Protection Commission is not necessary. ” said an HSE spokesperson.

Ireland is subject to strict data protection laws under the European Union's GDPR regulations, which govern data protection and privacy rights across the EU.

The public release of Costello marks more than two years since the vulnerability was first reported. His blog post included a multi-year timeline revealing interactions between various government departments that have been reluctant to make public requests. He was ultimately told that the government would not publicize this bug as if it did not exist.

Organizations are not obligated, even under the GDPR, to disclose vulnerabilities that do not result in mass theft or access to sensitive data and do not meet the legal requirements for an actual data breach. That being said, security is often built on the knowledge of others, especially those who have experienced security incidents themselves. Sharing that knowledge could help other organizations avoid being exposed to similar risks that go unnoticed, and why security researchers tend to lean toward public disclosure to prevent a repeat of past mistakes. I will explain what is there.



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

CISA confirms that hackers are actively taking advantage of the critical “Citrix Bleed 2” bug

July 11, 2025

AI chatbot's simple “123456” password was at risk of revealing personal data from millions of McDonald's job seekers

July 11, 2025

French police arrest Russian basketball player accused of ransomware: Report

July 10, 2025

Authorities arrest four hackers related to UK retail hacking

July 10, 2025

Jack Dorsey says his “safe” new bitchat app hasn't been tested for security

July 9, 2025

Get the exhibition tables on TechCrunch Confuse 2025

July 9, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

CISA confirms that hackers are actively taking advantage of the critical “Citrix Bleed 2” bug

July 11, 2025

Bitcoin surpasses $118K at the second highest high in 24 hours

July 11, 2025

AI chatbot's simple “123456” password was at risk of revealing personal data from millions of McDonald's job seekers

July 11, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.