A recent fitness tracking record leak exposed 60 million customer records, including GPS logs. The impacted organization was New York-based company GetHealth, as identified by WebsitePlanet, together with cybersecurity researcher Jeremiah Fowler.
The majority of data sources were found to have originated from popular brands like Fitbit and Apple’s HealthKit.
Fowler sent the company a disclosure notice about the security findings. GetHealth responded and the system was secured rapidly. However, the issue brings to the fore the need for robust cybersecurity protection when it comes to sensitive data.
Looking into the incident for Digital Journal, Pravin Rasiah, VP of Product, CloudSphere, warns about the vulnerabilities presented by many types of health and fitness devices.
Rasiah begins by assessing the extent of personal data captured by wearable devices: “Companies collecting and storing sensitive customer information must be hypervigilant in protecting all of the data they collect.”
In this specific case, ZDNet finds that the data repository contained over 61 million records, with vast quantities of user information including names, dates of birth, weight, height, gender, and GPS logs, among other datasets.
This means consumer beware: “Leaving a database exposed without a password or authentication to prevent unauthorized entry is a surefire way to endanger customer information and potentially damage a brand’s reputation.”
Brands need to do more, says Rasiah. He explains: “It is crucial that enterprises have the ability to identify security flaws in a timely manner so that sensitive data such as names, birthdates and GPS logs stay out of the hands of malicious actors.”
Furthermore: “A missing password is often the result of lack of awareness into the constantly changing cloud environment. Without this visibility, it is far too easy for even basic security measures to lapse or be misconfigured.”
Taking proactive steps to address these issues is important. Rasiah recommends: “Companies should invest in automation for cloud governance that enforces security guardrails via policies that can prevent or remediate issues in real-time.”
