Wired reports that sensitive documents about the UK’s Coronavirus-tracing app have been carelessly leaked via a publicly accessible Google Drive link.
According to the report, the leaked roadmap of NHS’s controversial Covid-19 tracing app reveals that it could soon show users’ health “status” and ask individuals to share their precise location data:
One document titled ‘Product Direction: Release One’ and marked as ‘OFFICIAL – SENSITIVE’, includes a series of slides showing the app’s future development roadmap. The documents also reveal that officials within the NHS and Department of Health and Social Care are worried that the app’s reliance on unverified diagnoses could be open to abuse and lead to “public panic” that puts extra pressure on the health service.
The documents, which are hosted in Google Drive, were inadvertently left open for anyone with a link to view. Links to the documents were included in others published by the NHS covering the privacy protections in the contact tracing app. Other documents linked to in the document could not be accessed without approval.
There’s significant concern already about how data collected by the UK’s controversial “centralised” app will be secured. One hopes that this easily-avoidable goof isn’t a sign of things to come.
Someone working on the project might want to remind themselves of how you can share files on Google Drive with specific people, rather than with any old Tom, Dick, or Harry.
The UK’s Coronavirus tracing app is being headed up by Dido Harding, who you may recall was the CEO during TalkTalk’s disastrous data breach.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
4 comments on “Info on NHS Coronavirus app leaks out via Google Drive snafu”
Why would they store sensitive data on "someone else's computer"?
Oh boy! Can't wait to get this app, specially with Dido Harding heading it up. Gotta be safe as houses. Yeah, right!
I just got this on FaceBook – https://pesacheck.org/false-data-from-leaked-email-and-password-databases-belonging-to-the-who-is-not-from-a-new-hack-184bb21d97de
Apparently, the emails etc. are from a 2016 hack.
I had the track and trace google / NHS app installed on my tablet unknown to me. How is this possible. I never asked, authorized it or was told.
I have contacted Asus who pre-install Google service which i can't get rid of but no response as yet. I am unable to find a contact email address for Google but came across your blog.
I would be interested to know how many other people have had this as its a complete breach of privacy. The app is supposed to be voluntary anyway.
I'm not very techy so could you spread the word. I don't do social media either.