Calgary third-party vaccination verification app pulls web portal after users' data left unsecured
A third-party vaccine verification app that was initially endorsed by the Calgary Flames' ownership group left some users' data unsecured and available to be viewed by the public, CTV News has confirmed.
The website app of Calgary-made PORTpass was pulled offline late Monday and its website now says "we are updating" on its landing page.
A news tip sent to CTV News and other media outlets on Monday evening pointed out the security flaw that allowed anyone to access profile information of PORTpass users.
The pages displayed the name, email address, blood type, postal code, date of birth and phone number of registered PORTpass users. The page also contained a link to the photo identification submitted by a user, including their driver's licence or passport.
FLAMES FANS: BRING HARD COPIES
Calgary Sports and Entertainment Corporation (CSEC) -- the group that owns the Flames, Stampeders, Roughnecks and Hitmen -- had initially encouraged fans to download PORTpass to provide easier entry into the Saddledome.
CSEC is now saying fans should bring hard copies of their vaccination records to future games.
"CSEC is reviewing issues that have arisen with respect to the use of the PORTpass app and will release further information as appropriate," a statement on the Flames' website reads.
PORTpass CEO Zakir Hussein says he ordered his team to take down their web portal Monday after he found out that user information was publicly available online.
"I'm waiting to hear back from our audit teams here to make sure... where are we going wrong? Where are these holes? What needs to get fixed?" Hussein said Tuesday.
He added that he has two companies auditing the PORTpass security and privacy systems and he is unsure of how many user profiles were affected by the breach.
"Personally, I don't know. I don't yet, but it was definitely not in the hundreds of thousands or thousands or five hundred," he said.
CTV News is unable to verify how many user profiles were affected and for how long their personal information would have been available publicly online.
"We are working on figuring out exactly what happened here and obviously we're going to make this better," Hussein said.
Alberta's Office of the Information and Privacy Commissioner of Alberta said it is contacting PORTpass to remind them about reporting its privacy breach.
"Under Alberta’s Personal Information Protection Act (private sector privacy law), if an organization experiences a breach and determines that there is a real risk of significant harm to affected individuals, it must report the incident to the Commissioner and notify affected individuals," reads a statement from the province's privacy commissioner.
CTVNews.ca Top Stories
Former homicide detective explains how police will investigate shooting outside Drake's Bridle Path mansion
Footage from dozens of security cameras in the area of Drake’s Bridle Path mansion could be the key to identifying the suspect responsible for shooting and seriously injuring a security guard outside the rapper’s sprawling home early Tuesday morning, a former Toronto homicide detective says.
Federal government grants B.C.'s request to recriminalize hard drugs in public spaces
The federal government is granting British Columbia's request to recriminalize hard drugs in public spaces, nearly two weeks after the province asked to end its pilot project early over concerns of public drug use.
Testifying in hush money trial, adult film actor Stormy Daniels describes first meeting Trump
Stormy Daniels took the witness stand Tuesday at Donald Trump's hush money trial, describing for jurors a sexual encounter the porn actor says she had in 2006 that resulted in her being paid off to keep silent during the presidential election 10 years later.
MPs agree Canadian gov't should improve new disability benefit
The federal government needs to safeguard the incoming Canada Disability Benefit from clawbacks and do more to ensure it actually meets the stated aim of lifting people living with disabilities out of poverty, MPs from all parties agree.
King Charles too busy to see son Prince Harry during U.K. trip
Prince Harry will not be seeing his father King Charles during his current visit to Britain as the monarch will be too busy, Harry's spokesperson said on Tuesday.
Boy Scouts of America changing name for first time in 114 years, aiming for inclusivity
The Boy Scouts of America is changing its name for the first time in its 114-year history and will become Scouting America. It's a significant shift as the organization emerges from bankruptcy following a flood of sexual abuse claims and seeks to focus on inclusion.
opinion Tom Mulcair: Trudeau's handling of Poilievre's 'wacko' House turfing a clear sign of Liberal desperation
When Speaker Greg Fergus tossed out Pierre Poilievre from the House last week, "those of us who have experience as parliamentarians simply couldn't believe our eyes," writes former NDP leader Tom Mulcair in his column for CTVNews.ca
Security guard shot, seriously injured outside of Drake's Toronto mansion
A security guard working at Drake’s Bridle Path mansion in Toronto was seriously injured in a shooting outside the residence early Tuesday morning, police said.
Katy Perry's mom was fooled by AI images of the singer at the Met Gala
Katy Perry did not attend the Met Gala on Monday, but some of the singer’s fans – and even her mom – thought she did.