The personal information of more than 1,6 million potential and existing University of Chicago Medicine donors were exposed by a misconfigured and unprotected ElasticSearch server left open on the Internet without a password. The exposed ElasticSearch cluster contained 1,679,993 records which could have been accessed by anyone who knew where and how to look for it. The database included limited personal information, and there was no exposure of social security numbers, credit card or banking information. ElasticSearch’s developers explained back in December 2013, Elastisearch clusters should only be accessible on the local network to make sure that only the company owning the databases can access the stored data.
Source: https://www.bleepingcomputer.com/news/security/private-info-of-over-15m-donors-exposed-by-uchicago-medicine/