AngelSense, a company known for providing assistive technology for individuals with disabilities, suffered a data breach that exposed sensitive customer information. The exposed database, which was unsecured and left accessible without a password, contained detailed personal data from users of the company’s GPS trackers. This included names, addresses, phone numbers, GPS coordinates, health information, and partial payment details. Researchers at UpGuard, a security firm, discovered the exposed database and notified AngelSense over a week before the company secured it.
UpGuard found that the database was publicly accessible through its IP address and could be accessed using just a web browser. Along with the personal data of customers, the exposed logs also contained technical details about the company’s systems. Some of the compromised data included sensitive health information such as conditions like autism and dementia, which could put individuals at risk. However, AngelSense stated there was no evidence of data misuse or unauthorized access to the system.
The breach, first detected on January 14, was not immediately addressed by AngelSense, which initially dismissed the email alert from UpGuard as spam.
It wasn’t until UpGuard contacted the company by phone that AngelSense realized the severity of the issue. After confirming the exposure, the company acted quickly to secure the server and prevent further access. Despite taking action, AngelSense has not yet confirmed how long the database was exposed or the total number of affected customers.
AngelSense’s CEO, Doron Somer, stated that the company was still investigating the breach and had not yet made plans to notify customers whose data was exposed. The company’s response also raised questions about its ability to determine whether the data had been accessed before the issue was discovered. This breach highlights the growing problem of exposed databases due to misconfigurations, and similar incidents have previously affected sensitive government and corporate data.
Reference: