Large-scale leak exposes results of 700,000 antigen tests

It is a large leak that messes up. In a survey printed on Tuesday, Mediapart revealed that private knowledge and Covid-19 antigen take a look at outcomes of 700,000 individuals have been accessible for a number of months to everybody with only a few clicks. It is a safety flaw within the Francetest platform which transfers pharmacists’ knowledge to the SI-DEP file. The latter centralizes all of the checks carried out in France.

It was thus attainable to seek the advice of very simply: the names, first names, gender, date of beginning, social safety quantity, phone, postal tackle and take a look at outcomes of the sufferers involved. Our colleagues point out that after they contacted the corporate final Friday, the issue was rapidly resolved and the positioning now not gave entry to this info a couple of hours later.

The CNIL will rule on this file

It was a French pc fanatic who found this big flaw. Whereas she wished to seek the advice of her file, she observed that the positioning was operating on WordPress, a content material administration system that’s steadily used on-line as a result of it’s free and environment friendly, however which is way much less so for official websites. Whereas searching the portal, she discovers that she will create an account with out being a pharmacist and thus entry affected person knowledge.

Within the wake of those revelations, the Directorate Common of Well being (DGS) knowledgeable pharmacists and reminded them of the record of authorised and suitable platforms. Observe that Francetest isn’t one in all them. Quoted by BFM, Philippe Besset, the president of the Federation of Pharmaceutical Unions of France (FSPF), specifies furthermore:

For weeks and weeks we’ve been alerting the authorities to those corporations which current themselves as labeled and make it simpler for pharmacists to go to the SI-DEP.

The case is now within the fingers of the CNIL which must decide whether or not the info of the French had been sufficiently protected by Francetest. Compliance with the Common Information Safety Regulation (GDPR) may also be examined by the executive authority.