Canada

Spazito

(54,362 posts) Tue Sep 28, 2021, 01:32 PM Sep 2021

Portpass app may have exposed hundreds of thousands of users' personal data

Private proof-of-vaccination app Portpass exposed personal information, including the driver's licences, of what could be as many as hundreds of thousands of users by leaving its website unsecured.

On Monday evening, CBC News received a tip that the user profiles on the app's website could be accessed by members of the public.

CBC is not sharing how to access those profiles, in order to protect users' personal information, but has verified that email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver's licences and passports can easily be viewed by reviewing dozens of users' profiles.

snip

CBC called Hussein late Monday, and agreed to hold off on publishing an article on the lapse until late Tuesday morning in order to give his team time to lock down the site and protect user information.

The portpassportal.com web app was pulled offline that evening and users of the mobile app were met with "Network error" pop-up messages if they attempted to upload or modify any information.

more

https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749

Yikes, this is very bad, imo. I kept my paper printout and didn't go anywhere to get another piece of proof like a driver license-sized proof of vaccination. I know a lot of people did go to the gov't site over the weekend.

***To be clear, this is NOT the government site, it is a privately owned site.

7 replies

= new reply since forum marked as read

Highlight:

Portpass app may have exposed hundreds of thousands of users' personal data (Original Post) Spazito Sep 2021 OP

This is one area that the Right will jump on LiberalLovinLug Sep 2021 #1

The company here was not contracted by the Provincial government... Spazito Sep 2021 #2

Canada has a history of software problems for this and that. Check out the abqtommy Sep 2021 #3

The thing is, though, this isn't a government site or even a... Spazito Sep 2021 #4

That's true, but what I see is that the Canadians can't trust the government or abqtommy Sep 2021 #5

LOL, true in most countries it seems... Spazito Sep 2021 #7

Tell me about it. Buckeye_Democrat Sep 2021 #6

LiberalLovinLug

(14,375 posts)

1. This is one area that the Right will jump on

Reply to Spazito (Original post)

Tue Sep 28, 2021, 02:03 PM

Sep 2021

If there ever was a big breach of vax pass personal data, from a government or a government contracted company in the US.

That would give Tucker and others actual real ammunition against the passports.

Edit to add, I wouldn't put it past the Q-publicans to hire ninjas, or use Putin's trolls, to actually work overtime to find a way to do this simply to cause more problems for Biden.

Spazito

(54,362 posts)

2. The company here was not contracted by the Provincial government...

Reply to LiberalLovinLug (Reply #1)

Tue Sep 28, 2021, 02:11 PM

Sep 2021

it was strictly a private company taking advantage of the vaccination passport requirements across Canada. The Alberta government has it's own website where Albertans could go to get proof of their vaccinations if they lost their original paper ones or wanted a drivers license-sized proof of vaccination but does not offer an official app.

abqtommy

(14,118 posts)

3. Canada has a history of software problems for this and that. Check out the

Reply to Spazito (Original post)

Tue Sep 28, 2021, 04:06 PM

Sep 2021

Phoenix payroll system, an IBM product adopted in Canada in 2009:

https://www.itworldcanada.com/article/phoenix-payroll-system-timeline-of-the-governments-problems/396407

"It was one of the biggest IT boondoggles in Canadian government history, and it’s still going. The Phoenix payroll system was part of a federal government investment in consolidating and modernizing government processes. Following a failed implementation, tens of thousands of government employees were left out of work, and the Liberal and Conservative governments were pointing the finger at each other.

It’s been a long, hard journey for Public Services and Procurement (PSPC), which set up the system with IBM Corp. and has been facing criticism ever since. Here’s how it all went down."

much more at link for those with an interest

Spazito

(54,362 posts)

4. The thing is, though, this isn't a government site or even a...

Reply to abqtommy (Reply #3)

Tue Sep 28, 2021, 04:12 PM

Sep 2021

government-contracted site, it was a completely private company with no affiliation with either the federal or provincial governments.

The government scandal re the IBM product was a completely different kettle of fish and both the Liberal and Con governments screwed up on this one.

abqtommy

(14,118 posts)

5. That's true, but what I see is that the Canadians can't trust the government or

Reply to Spazito (Reply #4)

Tue Sep 28, 2021, 04:22 PM

Sep 2021

the private sector to get it right.

Spazito

(54,362 posts)

7. LOL, true in most countries it seems...

Reply to abqtommy (Reply #5)

Tue Sep 28, 2021, 04:25 PM

Sep 2021

especially these days.

Buckeye_Democrat

(15,042 posts)

6. Tell me about it.

Reply to abqtommy (Reply #3)

Tue Sep 28, 2021, 04:24 PM

Sep 2021

I was depressed for months after the terrible rollout of the ACA (Obamacare), with a Canadian company contracted to create the website.

Every time that I tried to enroll, the website was obviously being hacked. I'd answer personal questions, double- and triple-checking them, and the answers were completely different by the time that I reached the "summary" at the end. (Which always made my eligibility impossible, of course.) And it happened again and again, for weeks.

CGI Federal:
https://www.washingtonpost.com/news/wonk/wp/2013/10/16/meet-cgi-federal-the-company-behind-the-botched-launch-of-healthcare-gov/

Reply to this discussion