Only researchers accessed the exposed 211 call logs – Los Angeles County
There is a follow-up to an incident involving exposed Los Angeles County 211 call logs. The misconfiguration had been discovered by UpGuard and was reported in May.
Now the County has submitted its report to the California Attorney General’s Office. It states, in part:
Our investigation determined that the incident was caused by an employee who inadvertently misconfigured the settings during a recent upgrade, which caused a database file to be accessible from the internet. Our investigation also confirmed that the only unauthorized access was by the security firm who initially reported this incident to us, which access took place between March 14 and April 23, 2018. The security firm has assured us that all copies of the data have been destroyed. Based on our investigation to date, we have no evidence of any misuse of your information.
What Information Was Involved
The database contained information related to a call to 211 LA County that included your name and Social Security number, and driver’s license number provided during the course of the phone call.
Interestingly (to me, anyway), they don’t mention whether any medical information was involved, although UpGuard’s report had provided redacted examples of people calling for help getting resources for mental health issues, etc.