Over a million NHS employee records — including email addresses, phone numbers, and home addresses — were exposed online due to a misconfiguration of the low-code website builder Microsoft Power Pages. In September, researchers with the software-as-a-service security platform AppOmni identified a large shared business service provider for the NHS that was allowing unauthorised access to sensitive data through insecure permission settings on Power Pages.

Source: Security on TechRepublic