A private health clinic has had its patient database breached, with details on adult pornographic actors released to a WikiLeaks-style website.
Gawker reported that a database belonging to AIM Medical, which conducts the majority of STD tests for the porn industry, ‘was victimised and hacked’, according to spokeswoman Jennifer Miller.
Talking to NBC Los Angeles, Miller said that the clinic was aggressively investigating the leak. “I can't stress enough, we're victims of a crime. Just like the Pentagon and the FBI, we have been victimised and hacked. We are investigating and we will press all charges.”
The breach was first reported by porn gossip blogger Mike South, who said that he was contacted by a number of performers who had become aware of information posted on a website called Porn WikiLeaks.
He said: “If you have ever tested at AIM or any of AIM's satellite draw stations, all of your information is now in the hands of people who shouldn't have it. If you have ever tested at AIM you may want to call them, or better yet send them a certified letter demanding that all of your info be removed from their database.
“Even though the damage is done, it is clear that AIM has no direct knowledge of how it happened so it could and probably will happen again. I doubt that AIM actually sold the database, more likely it is just a case of lack of security, allowing someone who shouldn't have had access to be able to dump the whole database, likely with address and birthdate and other info, as well as name.”
Gawker speculated that 15,000 names were on the list, indicating that this could be an archive of data, as there are only around 1,200-1,500 performers currently working in the US industry.
AIM has been described as a crucial resource for directors, as it is used to make sure that performers' HIV tests are up to date, and it played a significant part in containing HIV outbreaks in 2004 and 2010.
The clinic is not without controversy. It was briefly shut down by LA County health officials after it was discovered to be running without a proper licence, and last year two former adult actresses sued AIM over the very STD test database that has been leaked, arguing it violated California patient privacy law.
Josh Shaul, CTO of Application Security, said: “Databases are where an organisation's crown jewels reside and they are often a target of attacks. It's the responsibility of the company to ensure that this critical data is secured from internal and external threats. In this case, the attackers most likely were not accessing this data for social security and credit card numbers, but more of a malicious attack to expose or sell this delicate health information.
“We see many cases in healthcare organisations where employees are caught accessing files they shouldn't be, because of curiosity, financial gain or malice. Some small steps that can provide big protection are to ensure database patches are up to date, using complex passwords and making sure all default username and password combinations are changed immediately; and adhering to the principle of least privilege, granting the minimum privileges necessary for employees to perform their job, and nothing more, can vastly improve an organisation's security posture.”