UPDATED: SEP 18, 2020, AT 18:15

UPDATED: Coronavirus app reveals personal data, IT security firm found

The data of hundreds of thousands of patients who got tested for COVID-19 were at risk.

Mobile phone, illustrative stock photoMobile phone, illustrative stock photo (Source: TASR)

The data of clients in the Moje eZdravie app has been critically vulnerable.

The Nethemba IT security firm published a blog post on Thursday claiming that it was able to extract information about more than 130,000 patients who got the COVID-19 test in Slovakia, including their personal identification numbers (birth number) and the results of their coronavirus tests.

According to Nethemba, the data of 390,000 patients were in danger.

The Moje eZdravie app is the official app with information about the coronavirus in Slovakia that allows users to communicate with state authorities, particularly if they suspect they might have been infected with the novel coronavirus.

The ethical hackers from Nethemba reported they have downloaded and analysed a large sample of random data to find that it is from unique records. Based on numeric identificators they have found at least 391,250 valid records, including freshly recorded data about the tested patients.

The leaked information includes the name, surname, personal identification number, date of birth, sex, mobile phone number, place of residence, and e-mail address of those tested.

"This can be abused for sophisticated targeted social engineering attacks, like phishing," the blog of Nethemba reads.

The ethical hackers have also been able to access information about the result of the persons' COVID test, health insurer information and the name of the lab that performed the test.

Nethemba notified the providers about the error in the app and only reported about it once it was fixed on September 16 by 16:50.

Lawyer Peter Kováč from the Kinstellar law firm explained that this was a cyber security incident as well as a violation of personal data protection. The National Health Information Center (NCZI) that runs the app now has to report the violation to the Office for Personal Data Protection.

"The affected persons should be notified too," Kováč told the TASR newswire. In this case, when hundreds of thousands of people are at stake, it is necessary to make sure that the public is informed about the incident.

Kováč expects the leak to result in a high fine.

Officials admit there was a problem

The National Health Information Center admitted that there was a bug in the Moje eZdravie app.

The app’s vulnerability has been eliminated, confirmed NCZI on September 18. Its head Peter Bielik admitted that if the problem had not been discovered there may have been some damage.

The Nethemba company, which had pointed to the problem, promised it will not misuse the obtained data of tested people.

Get daily Slovak news directly to your inbox

Top stories

Threats have worked. People queued for COVID testing before the official start

The nationwide testing in Slovakia started with four districts in the north. Here is a report from the first day in Orava.


Day two of pilot testing in hardest-hit regions is off to a smoother start

PM Igor Matovič and Health Minister Marek Krajčí are helping the sampling teams, too.

Trstená, the Tvrdošín district

Foreigner's Police will be closed during the lockdown

Those who have booked appointments from October 26-30 must reschedule.

The Foreigners' Police department in Dunajská Streda.

No test, no work. Employees will have to take paid or unpaid leave

Those who will be quarantined with a positive test result will be entitled to pandemic sick leave.

Illustrative stock photo