According to cybersecurity company UpGuard, the data of 38 million people has been leaked online.
Microsoft Power Apps Data Breach // Webinar
UpGuard disclosed its findings in a blog post indicating that apps built on Microsoft's Power Apps platform had incorrect permission settings, leading to the massive breach.
The data types vary by source, but include COVID-19 vaccination statuses, social security numbers, phone numbers, and millions of full names and email addresses. UpGuard has since notified the 47 different companies and government agencies affected by the breach.
These entities include the Indiana Department of Health, the New York City public school system, American Airlines and Microsoft.
