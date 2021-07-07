A data breach in the at the Madrid Health Council exposed the personal information of 100,000 people from Madrid, as reported by Telemadrid and El País. The first mentioned media also adds that among those affected by the leak are King Felipe VI, Pedro Sánchez, José María Aznar and Pablo Casado. The information would have been available until the afternoon of Wednesday, July 7.

The data was housed in a server destined to the Self-appointment to receive the vaccine against COVID-19. While the procedure for accessing information was not straightforward for most of the public, a person with some basic computer skills could take advantage of the gap to view it with relative ease. Telemadrid describes the use of a public link —which should be private—, a proxy and a random DNI to enter the database.

Once inside, it was possible to obtain the full name, telephone number, Social Security number and the address history of any citizen residing in Madrid. Also the ID of the Self-Cite, from which other data such as the day and time of vaccination, the manufacturer of the vaccine, could be viewed. “the arm where you received the dose and the name of the health worker who administered it”, they indicate.

The Madrid data breach, caused by

A computer expert consulted by Telemadrid assured that the tender for the development of this type of government gates involves very important security requirements. However, it is clear that in this case they did not even meet the minimum safety standards that any web requires.

“These companies are asked very high requirements in these public tenders. But in this case they have not met the security minimums that any page of this type must have. A” very bad “programming error.

A spokesman for the Madrid Health Council assured El País that the link was not publicly accessible. They explained that, to access the agency’s website, a digital certificate that would have been generated “through improper access”. To avoid further inconveniences, the Ministry blocked access after receiving the report from Telemadrid. The breach was discovered by a person who preferred to remain anonymous.

