Pharmaceutical giant AstraZeneca suffered a data breach incident after it left a list of credentials online for more than a year that exposed access to sensitive patient data.
A developer left the credentials for an AstraZeneca internal server on code-sharing site GitHub in 2021.
Credentials, like usernames and passwords, that are exposed or inadvertently published to sites like GitHub
Source: https://techcrunch.com/2022/11/03/astrazeneca-passwords-exposed-patient-data/
TPRM report: https://scoringcyber.rankiteo.com/company/astrazeneca
"id": "ast2255131222",
"linkid": "astrazeneca",
"type": "Breach",
"date": "11/2022",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Pharmaceuticals',
'name': 'AstraZeneca',
'type': 'Pharmaceutical Company'}],
'attack_vector': 'Exposed Credentials',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Sensitive patient data'},
'description': 'Pharmaceutical giant AstraZeneca suffered a data breach '
'incident after it left a list of credentials online for more '
'than a year that exposed access to sensitive patient data. A '
'developer left the credentials for an AstraZeneca internal '
'server on code-sharing site GitHub in 2021.',
'impact': {'data_compromised': 'Sensitive patient data',
'systems_affected': 'Internal server'},
'initial_access_broker': {'entry_point': 'GitHub'},
'post_incident_analysis': {'root_causes': 'Developer error'},
'title': 'AstraZeneca Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Credentials left on GitHub'}