The California Office of the Attorney General reported a data breach involving Zocdoc, Inc. on May 20, 2021. The breach involved unauthorized access to the personal information of users, including names, email addresses, phone numbers, and appointment histories, due to programming errors that allowed staff members at medical practices to access the Provider Portal after authorization changes were made.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-541087
TPRM report: https://www.rankiteo.com/company/zocdoc
"id": "zoc244072625",
"linkid": "zocdoc",
"type": "Breach",
"date": "5/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Zocdoc, Inc.',
'type': 'Company'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'personally_identifiable_information': ['names',
'email addresses',
'phone numbers'],
'type_of_data_compromised': ['names',
'email addresses',
'phone numbers',
'appointment histories']},
'date_detected': '2021-05-20',
'date_publicly_disclosed': '2021-05-20',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Zocdoc, Inc. on May 20, 2021. The breach '
'involved unauthorized access to the personal information of '
'users, including names, email addresses, phone numbers, and '
'appointment histories, due to programming errors that allowed '
'staff members at medical practices to access the Provider '
'Portal after authorization changes were made.',
'impact': {'data_compromised': ['names',
'email addresses',
'phone numbers',
'appointment histories']},
'post_incident_analysis': {'root_causes': 'Programming Errors'},
'references': [{'date_accessed': '2021-05-20',
'source': 'California Office of the Attorney General'}],
'title': 'Zocdoc Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Programming Errors'}