Cybersecurity

Healthcare workwear company Scrubs & Beyond leak exposed customer data, researcher says

Cybersecurity researcher Anurag Sen discovered the leak.

A database operated by healthcare workwear company Scrubs & Beyond recently exposed purchaser data, according to cybersecurity researcher Anurag Sen.

Information revealed included full names, phone numbers and emails, credit card numbers and CVV/expiration, and more, Sen told IT Brew. The server was offline Tuesday, but had been online as recently as Monday afternoon, Sen said. HackRead reported that the breach was first detected on May 25; the database was exposed on May 16.

Sen, who previously revealed the Amazon Prime hack in October and the DOD hack in February, believes as many as 100,000 customers may have been affected.

Scrubs & Beyond and its parent company, Kindthread, did not immediately respond to requests for comment from IT Brew.

The popular apparel company primarily serves nurses and doctors in the US and has more than 120 stores across the country.

“The company is not that big but the details here belong to the doctors and nurses of the US,” Sen told IT Brew in a text. “Also their payment information including physical address which can cause lots of damage in bad actor hands.”

The database was accessible by its IP address. Personal information on the server was visible and accessible by members of the public. HackRead reported that anyone with working knowledge of tools like open source search engine Shodan could download the information.

“The server is an elastic server which got left exposed due to misconfiguration by the company,” Sen said.

Sen told IT Brew that Scrubs & Beyond did not respond to his attempts to alert the company to the vulnerability, though the server was offline Tuesday.
