Leaked results of 700,000 Covid tests: what do you risk?
There was a time when pharmacies sold drugs. And then the Covid arrived and turned the global ecosystem upside down. The globe then has discovered the principle of the antigen test which allows to know if you are positive or negative for the disease. Our “poor” pharmacists therefore found themselves transforming their shops into testing centers, chaining them all day until they were thirsty. The thing already taking time, the continuation takes even more.
It is indeed necessary send each result to the SI-DEP, the secure government platform on which they are registered. This is how the repercussions of positive cases are managed, such as analysis and linking with contact cases. Except that, in the opinion of the main users, the SI-DEP was launched in emergency last December and is nothing but an ergonomic nightmare that turns each sending of results into a showdown. Never mind, external companies have been created to position themselves as a Good Samaritan who will take over the task for the modest sum of one euro. But as these companies were also set up in emergency, other issues, security this time, were discovered.
Contents
Also read: Security, anonymity … How to change your IP address?
When the risk is unapproved
This is the case for example of the company Francetest. Founded in January, it is positioning itself in this new market. Except that the company has shown enormous negligence in the content of its site, as announced by our colleagues from Mediapart. It was indeed possible, until last Friday, to find a clear password in a free access document on their site. This opened the doors for you to personal data contained in the test results files of more than 700,000 people. Names, first names, addresses, dates of birth, telephone and social security numbers, email address… Everything was available to anyone who wanted to use it.
This flaw was discovered by an anonymous who alerted the CNIL (National Commission for Informatics and Liberties) who immediately launched investigations. Since the alert regarding this flaw, Francetest announced thatshe was currently working with cybersecurity specialists to strengthen that of her site. The company has also tried to comfort everyone by claiming that they believe there is no evidence so far that there has been a data breach.
If this outsourcing of the sending of data from pharmacists is not prohibited, the General Directorate of Health (DGS) reminded pharmacists on Sunday that there was a list of software approved and compatible with the SI-DEP. Francetest was not on this list. If it turns out that the leak did take place, this is what could happen to the victims.
Lost identity
If a hacker has indeed got hold of your first and last names and other information that he could find on the website of Francetest, he can do big damage with, as recalls Gérôme Billois, expert in cyber-security at the consulting firm Wavestone to our colleagues from Franceinfo.
As a first step, cybercriminals can ” send false emails based on information, names, first names, addresses, social security numbers to request for example an additional payment or request the communication of the bank card to create fraud. ”. Secondly, this story can end up in identity theft, since the data entered are very fresh, dating from the last few months. It is therefore, for example, quite possible that a person can take out a loan in your name.
For the average web surfer, it becomes difficult to navigate safely in a 100% protected environment and this is probably the biggest challenge that awaits the Internet over the next few months.
