News > Internet & Security 25 25 people found this article helpful Data Leak in Microsoft Power Apps Exposes 38 Million People's Records The data leak includes COVID-19 vaccination status By Cesar Cadenas Cesar Cadenas Twitter Writer California State University - Long Beach Cesar Cadenas has been writing about the tech industry since 2016 on a variety of topics like cryptocurrency, video games, the latest gadgets, and much more. lifewire's editorial guidelines Updated on August 24, 2021 03:35PM EDT Fact checked by Rich Scherr Fact checked by Rich Scherr Twitter University of Maryland Baltimore County Rich Scherr is a seasoned technology and financial journalist who spent nearly two decades as the editor of Potomac and Bay Area Tech Wire. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming The records of 38 million people have been leaked online, according to cybersecurity firm UpGuard. UpGuard disclosed its findings on a blog post revealing that apps created on Microsoft’s Power Apps platform had improper permission settings, which led to the massive leak. Teera Konakan/Getty Images The data types vary between sources, but include COVID-19 vaccination statuses, Social Security numbers, phone numbers, and millions of full names and email addresses. UpGuard has since notified the 47 different companies and government entities that were affected by the leak. These entities include the Indiana Department of Health, the New York City public school system, American Airlines, and Microsoft. Power Apps is a service and platform that allows customers to make their own apps and offers application programming interfaces (APIs) that allow these organizations to use the data they collect. However, the information obtained through these APIs is made public by default, and unless privacy settings are enabled, anonymous users can freely access this data. Microsoft has implemented two fixes to remedy the problem: table permissions have been made default, and a new tool has been added to help users self-diagnose their apps to find any security flaws. Erik Isakson/Getty Images The firm still recommends that Microsoft implement “code changes” to the platform to ensure a data breach doesn’t happen again. UpGuard posted its findings in the hopes that leaders in the tech industry learn from this massive leak and help mitigate future incidents. Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Email Address Sign up There was an error. Please try again. You're in! Thanks for signing up. There was an error. Please try again. Thank you for signing up! Tell us why! Other Not enough details Hard to understand Submit