TechCrunch reports that New Jersey-based assistive technology firm AngelSense was disclosed by cybersecurity firm UpGuard to have had its users' personally identifiable information and precise location details exposed online as a result of an unsecured server.
Included in the open internal database — which was secured more than a week after notification — were individuals' names, phone numbers, postal addresses, email addresses, passwords, authentication tokens, credit card details, GPS coordinates, and their associated health information, according to UpGuard researchers.
Additional details regarding the commencement of the data exposure or the number of impacted individuals remain uncertain but AngelSense's database was first seen online in a Shodan search on Jan. 14.
AngelSense CEO Doron Somer also emphasized immediate action to address the unsecured server.
"We note that other than UpGuard, we have no information suggesting that any data on the logging system potentially was accessed. Nor do we have any evidence or indication that the data has been misused or is under threat of misuse," said Somer.
