Microsoft Power Apps Data Breach
A Microsoft data breach has reportedly exposed almost 40 million records containing personally identifiable information (PII), Social Security numbers, employee IDs, and email addresses. The data breach has now impacted dozens of organizations across the country, including American Airlines, Ford, Maryland Department of Health, New York City Municipal Transportation Authority, and the state of Indiana.
On May 24, an UpGuard analyst discovered that the Open Data Protocol (OData) API for an organization’s Microsoft Power Apps portal exposed list data that was anonymously accessible.
On Microsoft Power Apps, users can enter, store and retrieve data from other applications. The service also allows organizations to publicly display Power Apps lists. But the software design has left certain permissions vulnerable: when the configurations are not set properly and the OData feed is enabled, anonymous users can access data.
The Lyon Firm is investigating Microsoft data breach claims. The firm is actively involved in numerous data privacy cases and has experience filing data security claims on behalf of plaintiffs nationwide.
What Kind of Personal Data is Valuable?
Cybercriminals can use unique personal data for a number of fraudulent activities. Commonly stolen medical data can include:
- Phone Numbers
- Social Security numbers
- Financial information
- Health insurance IDs
- Driver’s License numbers