Nuance, Au10tix security incidents expose client customer data

U.S. healthcare provider Geisinger Health has revealed that a former employee of Nuance Communications Inc. accessed patient data without authorization. This incident has raised concerns over the security of sensitive information belonging to hundreds of thousands of individuals.

Nuance, a voice biometrics provider acquired by Microsoft in 2021, provides employee authentication services to Geisinger.

On November 29, 2023, Geisinger discovered that a former Nuance employee had accessed specific Geisinger patient information just two days after their termination. Geisinger notified Nuance, who revoked the former employee’s access to their records. An investigation was initiated, and law enforcement was engaged, but requested that Nuance should delay notifying patients to avoid impeding the investigation. The former Nuance employee has since been arrested and is facing federal charges.

No payment information or Social Security numbers were accessed, but the announcement does not refer to biometric data.

This breach underscores the vulnerabilities in third-party services that some healthcare providers rely on.

Au10tix under scrutiny for credential exposure

In a related security lapse, Au10tix exposed a set of administrative credentials online for over a year, 404 Media reports. This exposure potentially allowed hackers to access sensitive data. Au10tix verifies identities for companies like TikTok, Uber, and X, and boasts clients such as Fiverr, PayPal, Coinbase, LinkedIn, and Upwork. Some of these companies confirmed their active or past use of Au10tix’s services to 404 Media.

Au10tix’s services include verifying identity documents with selfie biometrics, conducting real-time biometric liveness detection video streams, and performing age verification through facial analysis. The information exposed includes driver’s licenses and ID numbers, according to the report.

The exposure of administrative credentials raises concerns over the security protocols in place at companies tasked with handling sensitive personal information. The company also recently announced new features added to its digital identity verification and management platform.

“Organized criminal groups are increasingly using AI to commit large-scale, coordinated identity fraud,” says Dan Yerushalmi, CEO of Au10tix in the company’s most recent fraud report.

As the investigation continues, both Nuance and Au10tix are likely to face increased scrutiny over their security practices.

Article Topics

AU10TIX  |  biometrics  |  cybersecurity  |  data privacy  |  data protection  |  digital identity  |  Microsoft  |  Nuance Communications