Data Breach at Microsoft: 38 Million Records Exposed Including COVID-19 Vaccination Records

Microsoft is the latest tech giant to disclose details of a massive data breach, potentially exposing 38 million customer records.

Microsoft has revealed a data breach of its Power Apps portal that has exposed 38 million records.

This includes COVID-19 contact tracing, vaccination registrations and statuses, employee databases with details such as home addresses and phone numbers and social security numbers.

Many large corporations and public sector organisations have been directly impacted

The scale of vulnerability affected more than 1,000 web apps, including those for New York City public schools. Unfortunately, that’s not all: Ford Motor Company was also affected by the data breach. The Indiana Department of Health is another victim who had their information compromised in this Microsoft data breach.

With so many people at risk of identity theft or even worse, the release of these private records from Microsoft’s Power Apps portal app will surely be an outcry demanding accountability from the company.

Some employees at the affected organizations tried to use data breach notification services such as HaveIBeenPwned, but they could not find their personal information within the database. Although this is a good sign initially, there is no guarantee that user data won’t appear across the dark web in the coming days and months, as a result of this breach.

Microsoft knew of the issue as early as 2018

According to The Register, Microsoft is aware of the problem and has started notifying those who this serious incident has impacted.

In addition, at least one company is believed to have filed a class-action lawsuit against the tech giant.

The Power Apps data breach was discovered by researchers at German software developer Digital Interruption (DI). DI’s security chief disclosed that he had warned Microsoft of the vulnerability within its system back in December 2018 but received no response from the company.

The firm claims that Microsoft’s security team was aware of the breach for six months but seemingly did nothing to address it.

DI claims that the vulnerability is still present within Power Apps even though Microsoft has taken steps to remove some public data from its servers following DI’s disclosure of the flaw earlier this month. However, Digital Interruption says that only a few data fields have been removed, and the sensitive information remains in Microsoft’s servers.

Another stark warning to organisations against the threat of multifaceted hacks and attacks

Earlier this month T-Mobile disclosed details of a similar breach that exposed 40 million user records to hackers.

It is yet another severe warning to IT organizations worldwide: they need to be aware that cloud services are not infallible. It’s more likely than ever before that these sorts of data breaches will occur due to an increasing reliance on cloud services by companies everywhere.

Microsoft has yet to comment further on the security breach.

T-Mobile Data Breach Exposes the Personal Data of 40 Million US Customers.

What can we learn from the T-Mobile data breach and how can your business mitigate security risk?

Read More

Reporting Consultancy

We provide insights and commentary so you can truly understand website and campaign performance and plan killer optimisations.

App & Mobile Analytics

Digital Analytics Consultancy

Let’s turn your Web Analytics data into insight. Our certified web analytics team have vast expertise across Google Analytics, Google Analytics 360, Adobe Analytics and Tag Management Systems.

Data Strategy

Every business needs a data strategy to understand the needs of their company and make smart technology decisions.

Data Strategy

Business Intelligence

Powerful Business Intelligence solutions that allows for seamless integration of your key data sets, automated and in the hands of your business decision makers.

Business Intelligence

Tag Implementation

With up to 150 tags on some website, Molzana’s tag management and implementation services ensure that your data gets collected while your website remains unaffected.

Report Automation & Dashboards

Elegant and automated, Molzana’s reporting team can create amazing dashboard and report solutions to help your business get to insights and decisions quicker.

Report Automation & Dashboards

Visitor Behaviour

Understanding visitor behavior is vital to understanding how visitors interact with website content and marketing channels.

Visitor Behaviour

Consumer Insight

Consumer Trends & Insight hold the key to understanding your audience. Beyond simple reporting, Molzana can help turn your insight into action.

Consumer Insights

App & Mobile Analytics

We assist in providing powerful insight into iOS, Android & Windows Apps as well as Mobile Websites.

App & Mobile Analytics

Marketing Optimisation

We scrutinise user behaviour, audiences, ad copy and landing pages to improve performance.

Data Strategy

Getting Ready For Google Analytics 4 (GA4)

Get UK based expert support in implementing GA4 tracking for your website and avoid losing valuable data before July…

Solutions for Start-Ups

Conversion Rate Optimisation (CRO) Consultancy

Conversion Rate Optimisation is essential for ensuring your site performs in terms of driving sales, leads or sales development.

Report Automation & Dashboards

Data Science

We take your historic data to look into the future with pinpoint accuracy.

Contact Molzana


Digital Analytics, SEO & CRO Agency

London & Manchester.

Get in Touch

Telephone: +44 (0) 20 8938 3136

London: 32 Cubitt St, London WC1X 0LR
 5 Piccadilly, Aytoun St, M1 3BR
 15-16 Queen Street, EH2 1JE

Molzana Logo Blue

  • This field is for validation purposes and should be left unchanged.