Torsion Information Security Blog

Exploring the business and technical implications of information security.

Security breach of secret Covid-19 contact tracing app plans could have been prevented with Torsion


News site Wired has revealed secret plans for the NHS Covid-19 contact tracing app after the documents, which are hosted in Google Drive, were inadvertently left open for anyone with a link to view.

One document, titled ‘Product Direction: Release One’ and marked as ‘OFFICIAL – SENSITIVE’, includes a series of slides showing the app’s future development roadmap, including sensitive notes and information.

The documents, published by the NHS and hosted on Google Drive, were accessible through the tracing app’s Data Privacy Impact Assessment, and could be viewed anonymously by anyone with access to a link.

Peter Bradley, CEO of Torsion Information Security, says: “Public security breaches like this cause considerable damage not just in terms of the data being released but also on the individual personnel and the organisation’s brand.

“At Torsion, our software uses the latest in machine learning to integrate with collaboration systems to alert members of staff to any potential security risks.

“Let’s take this specific example. The document was dated March 25 but a member of staff was viewing it on May 12. That’s nearly seven weeks the sensitive information was in the public domain. Firstly, with Torsion any files or folders containing private or sensitive information would be tagged as such and if permissions were not verified, Torsion simply wouldn’t allow the file to be published i.e. the information would not have been public in the first instance.

“Secondly, any file access that looked suspicious would send an alert to the person who owned the file or folder and all access would be shut down immediately. Access would only be reopened once the owner had verified the security risk and permissions.

“In this day and age, and with technology such as Torsion available, high-profile security breaches are easily avoidable. It makes life so much easier for business users and takes the pressure off everybody involved. It’s not viable to expect every team member, or their IT team, to manage their permissions manually. There’s simply too much data out there. There has to be an element of automation to make this work and that’s what Torsion delivers.

“With Torsion, you can be confident that your data is secure and at any one time, you can see who has access to what, when and why. Compliance and data security then become part of the woodwork and security breaches can be avoided.”


