Skip to Content


Microsoft Power Apps Data Breach Leaks Sensitive Data of 38 Million – Class Action Investigation

September 6, 2021 by  

Ahdoot Wolfson is investigating a potential class action against Microsoft and other entities relating to a data leak which divulged sensitive information for approximately 38 million people. 

According to reports, more than 38 million records from 47 different entities that rely on Microsoft’s Power Apps portals platform were inadvertently left exposed online. The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, Social Security numbers for job applicants, employee IDs, and millions of names and email addresses.

Consumers most affected by what is being called a “platform issue” are those that have done business with governmental bodies like Indiana Department of Health and New York City public schools, and private companies such as American Airlines, Ford, J.B. Hunt, and Microsoft.

Microsoft describes its Power Apps as a “suite of apps, services, and connectors, as well as a data platform, that provides a rapid development environment to build custom apps for your business needs.” The tool is used by developers to build applications that share data locally or with the cloud.

Cybersecurity company UpGuard Research has indicated that Microsoft’s Power Apps management portal had inadvertently leaked the data, finding that Microsoft’s Power Apps platform was flawed in the way it forced customers to configure their data as private or public. 

Microsoft and the various other entities that exposed sensitive consumer PII may be in violation of consumer protection and data privacy laws. If you believe you have been impacted by the Microsoft Power Apps data breach, please fill out the form below and one of the attorneys at Ahdoot Wolfson will promptly contact you.

MSFT Power Apps Data Breach