AstraZeneca

Pharmaceutical giant AstraZeneca suffered a data breach incident after it left a list of credentials online for more than a year that exposed access to sensitive patient data.

A developer left the credentials for an AstraZeneca internal server on code-sharing site GitHub in 2021.

Credentials, like usernames and passwords, that are exposed or inadvertently published to sites like GitHub

Source: https://techcrunch.com/2022/11/03/astrazeneca-passwords-exposed-patient-data/

TPRM report: https://scoringcyber.rankiteo.com/company/astrazeneca

"id": "ast2255131222",
"linkid": "astrazeneca",
"type": "Breach",
"date": "11/2022",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'industry': 'Pharmaceuticals',
                        'name': 'AstraZeneca',
                        'type': 'Pharmaceutical Company'}],
 'attack_vector': 'Exposed Credentials',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive patient data'},
 'description': 'Pharmaceutical giant AstraZeneca suffered a data breach '
                'incident after it left a list of credentials online for more '
                'than a year that exposed access to sensitive patient data. A '
                'developer left the credentials for an AstraZeneca internal '
                'server on code-sharing site GitHub in 2021.',
 'impact': {'data_compromised': 'Sensitive patient data',
            'systems_affected': 'Internal server'},
 'initial_access_broker': {'entry_point': 'GitHub'},
 'post_incident_analysis': {'root_causes': 'Developer error'},
 'title': 'AstraZeneca Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Credentials left on GitHub'}

AstraZeneca

Intelligence and Security Committee (ISC)

Meta

Gladney Centre for Adoption