Calgary third-party vaccination verification app pulls web portal after users' data left unsecured
A third-party vaccine verification app that was initially endorsed by the Calgary Flames' ownership group left some users' data unsecured and available to be viewed by the public, CTV News has confirmed.
The web app of Calgary-made PORTpass was pulled offline late Monday, and its website now says "we are updating" on its landing page.
A news tip sent to CTV News and other media outlets on Monday evening pointed out the security flaw that allowed anyone to access profile information of PORTpass users.
The pages displayed the name, email address, blood type, postal code, date of birth and phone number of registered PORTpass users. The page also contained a link to the photo identification submitted by a user, including their driver's licence or passport.
FLAMES FANS: BRING HARD COPIES
Calgary Sports and Entertainment Corporation (CSEC) -- the group that owns the Flames, Stampeders, Roughnecks and Hitmen -- had initially encouraged fans to download PORTpass to provide easier entry into the Saddledome.
CSEC is now saying fans should bring hard copies of their vaccination records to future games.
"CSEC is reviewing issues that have arisen with respect to the use of the PORTpass app and will release further information as appropriate," a statement on the Flames' website reads.
PORTpass CEO Zakir Hussein says he ordered his team to take down their web portal Monday after he found out that user information was publicly available online.
"I'm waiting to hear back from our audit teams here to make sure... where are we going wrong? Where are these holes? What needs to get fixed?" Hussein said Tuesday.
He added that he has two companies auditing the PORTpass security and privacy systems and he is unsure of how many user profiles were affected by the breach.
"Personally, I don't know. I don't yet, but it was definitely not in the hundreds of thousands or thousands or five hundred," he said.
CTV News is unable to verify how many user profiles were affected and for how long their personal information would have been available publicly online.
"We are working on figuring out exactly what happened here and obviously we're going to make this better," Hussein said.
Alberta's Office of the Information and Privacy Commissioner said it is contacting PORTpass to remind the company about reporting its privacy breach.
"Under Alberta’s Personal Information Protection Act (private sector privacy law), if an organization experiences a breach and determines that there is a real risk of significant harm to affected individuals, it must report the incident to the Commissioner and notify affected individuals," reads a statement from the province's privacy commissioner.