A recent news report from the Website Planet researchers reports that a huge alleged security fault at Nigerian government healthcare organization PLASCHEMA (Plateau State Contributory Health Care Management Agency) has exposed over 45GBs of personal data, and over 75,000 files, from an estimated 37,000 people.
It is alleged that 11 of PLASCHEMA’s buckets were left unsecured without any authentication or encryption controls in place. This has compromised the organization’s buckets and exposed over 75,000 files totaling around 45GB of data.
According to Website Planet’s team, this massive oversight has left information such as ID cards – including full names, dates of birth, occupations, blood groups, and even personal addresses, parents’ full names and registration details – birth certificates, personal photographs, identification for government officials and more, in the open online with no protection.
Impact of The Breach on Applicants and PLASCHEMA
No one is sure if hackers have accessed PLASCHEMA’s open buckets. However, if hackers have accessed the buckets, they could target citizens with cybercrimes after obtaining their data.
- Travesty: Persons with compromised data could be impersonated online with IDs, PII, and Images exposed. Many online services accept these documents as proof of identification. Hackers could use this information to perpetrate online activities in victims’ names and carry-out illegal activities and interactions.
- Character damage: The PLASCHEMA’s program is extremely vital for Plateau State citizens, especially those from poor communities who lack access to proper healthcare. PLASCHEMA’s data exposure could ultimately damage residents’ trust in the organization’s healthcare program.
There are expectations that PLASCHEMA could come under public scrutiny, and the investigation of Nigeria’s data protection authority, the National Information Technology Development Agency (NITDA), if citizens’ personal data is confirmed exposed.
NITDA can impose a maximum fine equivalent to 2% of the guilty company’s annual turnover, or 10 million Naira (whichever is greater) for a data breach.
Citizens Remedy
If the data ever leaks to the public, we expect affected individuals, especially Plateau Citizens to monitor social media and other popular sites and services for digital representations in their names.
Who is PLASCHEMA
PLASCHEMA’s runs a program that makes professional healthcare accessible to citizens who were once cut off because of the perception that quality healthcare is a luxury afforded to only the most privileged Nigerians.
Citizens, irrespective of their socioeconomic status can apply for the scheme and pay an affordable subscription fee, after which members can purchase medication at a massively reduced cost.
A cybersecurity team claims they know PLASCHEMA owns the buckets as the organization’s logos regularly appear throughout each bucket’s contents. As listed in the AWS access lists, the same owner operates all 11 buckets.
Why is This Report In The Public
Helping our readers stay safe when using any website or online product is a priority.
It is rather unfortunate, that most data breaches are never discovered or reported by the companies responsible. So the team behind this exposure decided to do the work and find the vulnerabilities putting people at risk.
The team follows the principles of ethical hacking and stays within the law. They only investigate open, unprotected databases which they find randomly, and they never target specific companies.
By reporting these leaks, they hope to make the internet safer for everyone.
Conclusion
We hope the team responsible for keeping this data safe moves quickly into action and save what is left of this compromise.
Read also: Tips for staying safe online
Another read: why Africa should invest in cybersecurity
