Calgary third-party vaccination verification app pulls web portal after users' data left unsecured
A third-party vaccine verification app that was initially endorsed by the Calgary Flames' ownership group left some users' data unsecured and available to be viewed by the public, CTV News has confirmed.
The website app of Calgary-made PORTpass was pulled offline late Monday and its website now says "we are updating" on its landing page.
A news tip sent to CTV News and other media outlets on Monday evening pointed out the security flaw that allowed anyone to access profile information of PORTpass users.
The pages displayed the name, email address, blood type, postal code, date of birth and phone number of registered PORTpass users. The page also contained a link to the photo identification submitted by a user, including their driver's licence or passport.
FLAMES FANS: BRING HARD COPIES
Calgary Sports and Entertainment Corporation (CSEC) -- the group that owns the Flames, Stampeders, Roughnecks and Hitmen -- had initially encouraged fans to download PORTpass to provide easier entry into the Saddledome.
CSEC is now saying fans should bring hard copies of their vaccination records to future games.
"CSEC is reviewing issues that have arisen with respect to the use of the PORTpass app and will release further information as appropriate," a statement on the Flames' website reads.
PORTpass CEO Zakir Hussein says he ordered his team to take down their web portal Monday after he found out that user information was publicly available online.
"I'm waiting to hear back from our audit teams here to make sure... where are we going wrong? Where are these holes? What needs to get fixed?" Hussein said Tuesday.
He added that he has two companies auditing the PORTpass security and privacy systems and he is unsure of how many user profiles were affected by the breach.
"Personally, I don't know. I don't yet, but it was definitely not in the hundreds of thousands or thousands or five hundred," he said.
CTV News is unable to verify how many user profiles were affected and for how long their personal information would have been available publicly online.
"We are working on figuring out exactly what happened here and obviously we're going to make this better," Hussein said.
Alberta's Office of the Information and Privacy Commissioner of Alberta said it is contacting PORTpass to remind them about reporting its privacy breach.
"Under Alberta’s Personal Information Protection Act (private sector privacy law), if an organization experiences a breach and determines that there is a real risk of significant harm to affected individuals, it must report the incident to the Commissioner and notify affected individuals," reads a statement from the province's privacy commissioner.
CTVNews.ca Top Stories
Fluid in eye cells can 'boil' if you watch the eclipse without protection: expert
Millions of people in parts of Eastern and Atlantic Canada will be able to see the rare solar eclipse happening on April 8. But they should only look up if they have proper eye protection, experts say.
He didn't trust police but sought their help anyway. Two days later, he was dead
Jameek Lowery was among more than 330 Black people who died after police stopped them with tactics that aren’t supposed to be deadly, like physical restraint and use of stun guns, The Associated Press found.
CRA no longer requiring 'bare trust' reporting in 2023 tax return
The Canada Revenue Agency announced Thursday it will not require 'bare trust' reporting from Canadians that it introduced for the 2024 tax season, just four days before the April 2 deadline.
Being harassed at work? What to consider when deciding what to do next
If you've been the victim of workplace harassment, it can be difficult to feel you're not alone - and even more difficult to know where to go with a complaint.
Sunshine list: These were the Ontario public sector's highest earners in 2023
Ontario released its annual sunshine list Thursday afternoon, noting that the largest year-over-year increases were in hospitals, municipalities, and post-secondary sectors.
Grandparent scam: London, Ont., senior beats fraudsters not once, but twice
It was a typical Tuesday for Mabel Beharrell, 84, until she got the call that would turn her world upside down. Her teenaged grandson was in trouble and needed her help.
Half of Canadians support TikTok ban, with U.S. concerns 'trickling' north: poll
A new poll indicates 51 per cent of Canadians support banning the social media app TikTok, after a U.S. bill aiming to do just that passed in the House of Representatives.
Where is the worst place for allergy sufferers in Canada?
The spring allergy season has started early in many parts of Canada, with high levels of pollen in some cities already. Experts weigh in on which areas have it worse so far this season.
More unauthorized products for skin, sexual enhancement, recalled: Here are the recalls of this week
Health Canada and the Canadian Food Inspection Agency recalled various items this week, including torches, beef biltong and unauthorized products related to skin care and sexual enhancement.