A massive data leak has exposed sensitive personal information belonging to healthcare workers across the UK.

The unsecured database, containing nearly 8 million files and totaling 1.1 terabytes, was discovered without password protection or encryption, raising serious concerns over data privacy and security in the healthcare sector.

The records included high-resolution images and PDF documents of work authorization forms, national insurance numbers, certificates, electronic signatures, timesheets, and government-issued IDs. The data was organized across 656 directories, many linked to healthcare providers, recruitment agencies, and temp services.

Initial analysis revealed that the database likely belonged to Logezy, a UK-based employee management and tracking software provider. Following a responsible disclosure notice sent to the company, public access to the database was swiftly restricted. However, it remains unclear whether Logezy or a third-party contractor was directly managing the data, and how long the data had been publicly accessible before discovery.

Logezy’s platform is marketed as a cloud-based tool designed to streamline staffing, compliance, payroll, and employee data management. Despite claims of supporting multiple industries, the exposed sample exclusively contained data related to healthcare professionals.

The incident highlights a growing concern in the UK’s healthcare industry, where 79% of providers have reported at least one data breach since 2021. A Digital Health report also notes a 22% year-over-year increase in reported breaches and a 14% rise in accidental data leaks by employees.

While there’s no confirmation of malicious access in this particular incident, the exposure of such a vast volume of personally identifiable information (PII) could have serious implications if exploited by cybercriminals.
