At least 38 million records have been leaked by hundreds of online portals that were unwittingly misconfigured by organizations using Microsoft’s Power Apps service. The exposed data included personal information related to vaccine booking appointments, drug test dates, Social Security numbers, COVID-19 tests, employment and payroll-related information. American Airlines, Ford Motor Co., J.B. Hunt, the Maryland Department of Health, the state of Indiana, New York City’s Municipal Transportation Authority, NYC Schools and even Microsoft. Microsoft has now changed a default setting in Power Apps to make using the service more secure.”]