Thousands of Microsoft-stored data records have been exposed by mistake.

According to security firm UpGuard, 38 million records held on a Microsoft server, including private information, were accidentally exposed this year.

According to the digital security company’s analysis, the data, which included names, addresses, bank information, and Covid-19 immunization statuses, was made susceptible – but not breached – before the situation was remedied.

American Airlines, Ford, JB Hunt, and state institutions including the Maryland Department of Health and New York City’s public transportation system were among the 47 companies affected.

They all used a Microsoft tool called Power Apps, which enables the building of public-facing websites and mobile apps.

According to UpGuard, the service’s default software configuration choice meant that the data of the impacted organizations was left unprotected until June 2021.

Microsoft has since implemented adjustments to Power Apps portals as a result of this study initiative, according to the article.

Microsoft stated that it has notified clients when potential security vulnerabilities were discovered so that they could resolve the issues on their own.

A spokesman said, “We take security and privacy seriously, and we encourage our customers to utilize best practices when configuring products in ways that best fit their privacy needs.”

But, according to UpGuard, it would have been wiser to adjust the software’s behavior at the source, based on how customers use it, rather than “labeling systemic loss of data confidentiality as an end user misconfiguration, allowing the problem to persist.”