French healthcare software company Apodis Pharma leaked over 1.7 TB of confidential data

The French digital supply chain management and software solutions provider Apodis Pharma exposed a massive trove of confidential business-related data, including pharmaceutical sales data, full names of Apodis Pharma partners and employees, and more.

The leak was discovered by CyberNews researchers, who found an unsecured, publicly accessible Kibana dashboard for an Elasticsearch database containing over 1.7 TB of data. The exposed database included several archives with information related to pharmaceutical shipments (shipment storage status, the precise times and locations at which the shipments were picked up by sellers or distributors, and the quantity of pharmaceuticals in the shipments), partner and client organizations, products stored in Apodis Pharma client warehouses, confidential product sales data, user records (including full names of people who appear to be Apodis Pharma clients, partners, and employees), and consumer and client data visualizations and analytics.

At present, it is not clear who had access to the exposed data. However, the researchers said that the database has already been indexed on at least one popular IoT search engine, meaning that the data has likely been accessed and downloaded by third parties.

The investigation team said they discovered the database on October 22 and attempted to contact Apodis Pharma over the issue, but without success. The team then reached out to CERT France for help securing the database, but more than two weeks later, the database was still publicly accessible. Eventually, the researchers contacted Apodis Pharma CTO Mathieu Bolard directly on November 16, and the database was secured the following day.
