On April 15, 2025, we identified an issue in the access review process for our Data Sharing Community, which is hosted via Microsoft Teams. Due to a temporary misconfiguration, an automated access review email was mistakenly sent to participants in the community rather than being directed only to the designated administrators. This email requested a review of a new member’s access and included only the individual’s email address.
While this caused confusion among some community members, we want to clarify that no sensitive or confidential data was exposed. The only information shared was the email address of the person requesting access. At no time was it possible for community members to access data or documents belonging to other participants. The incident did not result in any unauthorized access or data breach.
The misconfiguration was promptly identified and resolved. Access review notifications are once again limited to administrators, as originally intended. We are also reviewing our internal processes to ensure that similar situations do not occur in the future.
We understand the confusion this may have caused and sincerely apologize for any concern. If you have questions or would like further clarification, please contact our support team or your CDQ representative. We appreciate your understanding and continued trust.