Included in the openly available data are name, address, social security number, phone number, email address and Covid status. All sorts of damage could have been caused with this data, the data protection NGO Epicenter Works warns.
The reaction from the Mückstein Ministry caused a stir. When a web developer warned the Ministry of Health about the vulnerability, it was not closed. Instead, the pharmacies in question were simply excluded from “Austria tests”!
There was only a different reaction after the ORF switched on, reports the “Standard”. In a statement, the ministry continued to emphasize its own view that the problem was not the software, but “illegal use of internal documentation systems by an individual pharmacy”. At least one conceded, however, to want to carry out “adjustments” to one’s own software, which is supposed to prevent such access.
According to A1 subsidiary World Direct, which develops the software for the “Austria tests” platform, pharmacy employees could have accessed other test certificates with a simple manipulation. This deficit was corrected immediately after the first information. Above all, however, one knows from the access logs that no data leaks have taken place in this way – apart from the tests of the software developer who detected the security deficit.
