Privacy Breach Could Affect 650K Canadians Using COVID-19 Passport App

Exploit: Data Breach, Misconfiguration
Company: Portpass
Industry: Technology, Vaccine Passport Platform
Source: https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749

Hundreds of thousands of registered users of the Canadian proof-of-vaccination app Portpass may have had their personal data exposed as the app’s website was left unsecured. According to CBC news, an anonymous tipster reported the problem to the news agency’s website, exposing the fact that Portpass had left all of the data unencrypted. This means that anyone could view the information in plain text.

CBC verified that accessible data included email addresses, names, blood types, phone numbers, birthdays, driver’s licenses, passports and other photo identification. With over 650, 000 users across Canada, the extent of this data leak could be vast. The company claimed the data was only exposed for a few minutes, however, investigative reporting has shown otherwise.

A formal investigation is sure to be underway shortly as the company is still planning to notify federal authorities as well as the Alberta privacy commissioners (at the time of this article the Alberta privacy commissioner’s office and federal privacy commissioner both said they have not yet received a report from Portpass).

Protect Your Business Against Modern Cyber Threats

More than ever, organizations of all sizes have been facing a historical rise in cyber attacks and data breaches. Talk to a cyber security expert today and find out how we can provide expert consulting and a portfolio of Cyber Security solutions designed to protect your organization against today’s most prevalent threats.