A data breach affecting the Nigerian organisation Plaschema (Plateau State Contributory Health Care Management Agency) exposed the personal data of thousands of citizens, according to the findings of the Website Planet research team.

Plaschema manages Plateau State Universal Health Care, a program designed to bring affordable healthcare to Plateau State, a region in Central Nigeria.

Eleven of Plaschema’s buckets were left unsecured without any authentication or encryption controls in place. As such, the organisation’s buckets exposed over 75 000 files totaling around 45Gb of data.

Each unsecured bucket contained PII belonging to program applicants from a different city located in Plateau State.

Among other files, the open buckets contained ID cards that exposed a range of applicant PII.

Based on the volume of these files, Website Planet estimates that over 37 000 people are affected by Plaschema’s data incident.

Website Planet researchers discovered Plaschema’s buckets, left in open form, without any encryption or password protection, as part of its web mapping project.

It has notified the Nigerian government and Nigerian CERT.