Due to human error, confidential customer data of the international pharmaceutical company AstraZeneca was publicly exposed.
Mossab Hussain, director of security at SpiderSilk, said that in 2021 a developer left credentials for an AstraZeneca internal server on GitHub. The credentials allowed access to a test Salesforce cloud environment, a platform that businesses often use to manage their customers, but the test environment contained some patient data.
Let me remind you that we also wrote that Russian hackers tried to steal COVID-19 research data, and that many repositories on GitHub are cloned and distribute malware.
The disclosures relate to the AZ&ME program, which provides discounts to patients who need drugs. TechCrunch reported the situation to AstraZeneca, and a few hours later the GitHub repository containing the credentials became unavailable.
Barth declined to elaborate on why patient data was stored in the test environment and whether AstraZeneca has logs to determine if anyone had access to the data and what data was deleted.
AstraZeneca is a British-Swedish pharmaceutical company registered in the UK. In the 2021 Forbes Global 2000 list of the largest public companies in the world, AstraZeneca was ranked 161st (343rd by revenue, 200th by net income, 545th by assets and 98th by market capitalization). As of March 2022, the company’s capitalization amounted to £145 billion. It is included in the list of the largest pharmaceutical companies in the world (13th place).