Security incidents at Nuance and Au10tix expose customer data

US healthcare provider Geisinger Health has announced that a former employee of Nuance Communications Inc. accessed patient data without authorization. This incident has raised concerns about the security of confidential information of hundreds of thousands of people.

Nuance, a voice biometrics provider acquired by Microsoft in 2021, provides Geisinger with employee authentication services.

On November 29, 2023, Geisinger discovered that a former Nuance employee had accessed certain Geisinger patient data just two days after his termination. Geisinger notified Nuance, which revoked the former employee’s access to the patient records. An investigation was launched and law enforcement was involved, but asked Nuance to delay notifying patients so as not to hinder the investigation. The former Nuance employee has since been arrested and is facing trial in federal court.

No payment information or social security numbers were retrieved, but the announcement does not refer to biometric data.

This breach highlights the vulnerabilities of the third-party services that some healthcare providers rely on.

Au10tix under surveillance for disclosing its credentials

In a similar security breach, Au10tix exposed a number of administrative credentials online for over a year, 404 Media reports. This exposure potentially allowed hackers to access sensitive data. Au10tix verifies identities for companies like TikTok, Uber, and X, and boasts clients like Fiverr, PayPal, Coinbase, LinkedIn, and Upwork. Some of these companies confirmed to 404 Media that they have actively or in the past used Au10tix’s services.

Au10tix’s services include verifying ID documents using selfie biometrics, conducting real-time biometric liveness detection video streams, and age verification through facial analysis. The information exposed includes driver’s licenses and ID numbers, according to the report.

The exposure of administrator credentials raises concerns about the security protocols of companies entrusted with processing sensitive personal data. The company also recently announced new features for its digital identity verification and management platform.

“Organized criminal groups are increasingly using AI to commit large-scale, coordinated identity fraud,” says Dan Yerushalmi, CEO of Au10tix, in the company’s latest fraud report.

As the investigation continues, Nuance and Au10tix’s security practices will likely come under increased scrutiny.

Article topics

AU10TIX | biometrics | cybersecurity | data protection | data security | digital identity | Microsoft | Nuance Communications