UPDATED: SEP 18, 2020, AT 18:15

UPDATED: Coronavirus app reveals personal data, IT security firm found

The data of hundreds of thousands of patients who got tested for COVID-19 were at risk.

Mobile phone, illustrative stock photo (Source: TASR)

The data of clients in the Moje eZdravie app was critically vulnerable.

The Nethemba IT security firm published a blog post on Thursday claiming that it was able to extract information about more than 130,000 patients who got the COVID-19 test in Slovakia, including their personal identification numbers (birth number) and the results of their coronavirus tests.

According to Nethemba, the data of 390,000 patients were in danger.

The Moje eZdravie app is the official app with information about the coronavirus in Slovakia that allows users to communicate with state authorities, particularly if they suspect they might have been infected with the novel coronavirus.

The ethical hackers from Nethemba reported that they downloaded and analysed a large sample of random data and found that it came from unique records. Based on numeric identifiers, they found at least 391,250 valid records, including freshly recorded data about the tested patients.

The leaked information includes the name, surname, personal identification number, date of birth, sex, mobile phone number, place of residence, and e-mail address of those tested.

"This can be abused for sophisticated targeted social engineering attacks, like phishing," the blog of Nethemba reads.

The ethical hackers have also been able to access information about the result of the persons' COVID test, health insurer information and the name of the lab that performed the test.

Nethemba notified the providers about the error in the app and only reported on it once it was fixed, on September 16 by 16:50.

Lawyer Peter Kováč from the Kinstellar law firm explained that this was a cyber security incident as well as a violation of personal data protection. The National Health Information Center (NCZI) that runs the app now has to report the violation to the Office for Personal Data Protection.

"The affected persons should be notified too," Kováč told the TASR newswire. In this case, when hundreds of thousands of people are at stake, it is necessary to make sure that the public is informed about the incident.

Kováč expects the leak to result in a high fine.

Officials admit there was a problem

The National Health Information Center admitted that there was a bug in the Moje eZdravie app.

NCZI confirmed on September 18 that the app’s vulnerability has been eliminated. Its head, Peter Bielik, admitted that if the problem had not been discovered, there may have been some damage.

The Nethemba company, which had pointed to the problem, promised it will not misuse the obtained data of tested people.
