
Data Breach: Medical Email Exposes Customer Data

July 1, 2021
One Medical Apologizes for Email Address Exposure

One Medical, a primary care provider, has issued an apology following an incident where an email sent to its customers inadvertently revealed the email addresses of hundreds of individuals.

The email, dispatched on Wednesday, requested users to “verify your email.” However, a copy reviewed by TechCrunch displayed over 980 email addresses in the recipient list.

The Cause of the Exposure

The issue stemmed from One Medical’s failure to utilize the bcc: (blind carbon copy) field when sending the mass email. This omission resulted in all recipients having visibility of each other’s email addresses.
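The failure mode described above can be caught before a mailing leaves the building. The following Python sketch is an added example, not code from One Medical or from the original article: it counts the addresses visible in the To and Cc headers of an outgoing message and shows the safer pattern of one message per recipient. The threshold, function names and example.com addresses are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

MAX_VISIBLE = 5  # assumed policy threshold, not a figure from the article


def visible_recipients(msg):
    """Addresses every recipient can read: the To and Cc headers.
    Bcc is excluded because it is not shown to other recipients."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _, addr in getaddresses(headers) if addr]


def check_outbound(msg, limit=MAX_VISIBLE):
    """Return (ok, count); ok is False when too many addresses are exposed."""
    count = len(visible_recipients(msg))
    return count <= limit, count


def build_exposed(sender, subject, body, recipients):
    """The mistake: the whole mailing list placed in a single To header."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def build_individual(sender, subject, body, recipients):
    """The safer pattern: one message per recipient, no shared address list."""
    messages = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = rcpt
        msg["Subject"] = subject
        msg.set_content(body)
        messages.append(msg)
    return messages


# Constructed sample data: 980 placeholder addresses, matching the count reported.
SAMPLE = [f"member{i}@example.com" for i in range(980)]

if __name__ == "__main__":
    bad = build_exposed("noreply@example.com", "Verify your email", "Hi", SAMPLE)
    print("single To header:", check_outbound(bad))
    good = build_individual("noreply@example.com", "Verify your email", "Hi", SAMPLE)
    print("per-recipient:", all(check_outbound(m)[0] for m in good))
```

A check like this belongs in the sending pipeline itself, so that a message exceeding the limit is rejected rather than merely logged.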

Numerous customers voiced their concerns and understanding on Twitter, acknowledging the incident as an apparent oversight. Reports indicated that the number of exposed email addresses varied among the emails received.

We reached out to One Medical to ascertain the total number of affected customers and whether the company intends to report the incident to relevant state authorities, as mandated by certain data breach notification regulations. A response was not immediately received.

One Medical’s Response

In a statement released via Twitter, One Medical confirmed the error. They stated: “We are aware that emails were sent to some of our members that exposed recipient email addresses. We apologize for any concern this may have caused.”

The company further assured customers that an investigation had been conducted, confirming the incident was not the result of a security breach within their systems. They pledged to implement measures to prevent similar occurrences in the future.

Impact and Context

While this security lapse is relatively minor compared to breaches involving sensitive data like passwords or financial information, the exposure of email addresses can still be exploited to identify One Medical customers.

One Medical, which is financially supported by Alphabet – Google’s parent company – became a publicly traded company last year, shortly before the onset of the COVID-19 pandemic.
