Insulet Corporation, a medical device company headquartered in Massachusetts suffered a data breach incident that affected about 29,000 individuals.
The configuration of web pages used for receipt verification exposed some limited personal information to certain Insulet website performance and marketing partners.
The unique URL for each customer included the customer’s IP address, whether the customer is an Omnipod DASH user, and whether the customer has a Personal Diabetes Manager.
TPRM report: https://scoringcyber.rankiteo.com/company/insulet-corporation
"id": "ins163722123",
"linkid": "insulet-corporation",
"type": "Data Leak",
"date": "01/2023",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '29,000',
'industry': 'Healthcare',
'location': 'Massachusetts',
'name': 'Insulet Corporation',
'type': 'Medical Device Company'}],
'attack_vector': 'Configuration Issue',
'data_breach': {'number_of_records_exposed': '29,000',
'type_of_data_compromised': ['IP address',
'Omnipod DASH user status',
'Personal Diabetes Manager '
'status']},
'description': 'Insulet Corporation, a medical device company, suffered a '
'data breach incident that exposed limited personal '
'information of about 29,000 individuals through a '
'configuration issue in web pages used for receipt '
'verification.',
'impact': {'data_compromised': ['IP address',
'Omnipod DASH user status',
'Personal Diabetes Manager status']},
'title': 'Insulet Corporation Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Web Page Configuration'}