Calgary third-party vaccination verification app pulls web portal after users' data left unsecured
A third-party vaccine verification app that was initially endorsed by the Calgary Flames' ownership group left some users' data unsecured and available to be viewed by the public, CTV News has confirmed.
The website app of Calgary-made PORTpass was pulled offline late Monday and its website now says "we are updating" on its landing page.
A news tip sent to CTV News and other media outlets on Monday evening pointed out the security flaw that allowed anyone to access profile information of PORTpass users.
The pages displayed the name, email address, blood type, postal code, date of birth and phone number of registered PORTpass users. The page also contained a link to the photo identification submitted by a user, including their driver's licence or passport.
FLAMES FANS: BRING HARD COPIES
Calgary Sports and Entertainment Corporation (CSEC) -- the group that owns the Flames, Stampeders, Roughnecks and Hitmen -- had initially encouraged fans to download PORTpass to provide easier entry into the Saddledome.
CSEC is now saying fans should bring hard copies of their vaccination records to future games.
"CSEC is reviewing issues that have arisen with respect to the use of the PORTpass app and will release further information as appropriate," a statement on the Flames' website reads.
PORTpass CEO Zakir Hussein says he ordered his team to take down their web portal Monday after he found out that user information was publicly available online.
"I'm waiting to hear back from our audit teams here to make sure... where are we going wrong? Where are these holes? What needs to get fixed?" Hussein said Tuesday.
He added that he has two companies auditing the PORTpass security and privacy systems and he is unsure of how many user profiles were affected by the breach.
"Personally, I don't know. I don't yet, but it was definitely not in the hundreds of thousands or thousands or five hundred," he said.
CTV News is unable to verify how many user profiles were affected and for how long their personal information would have been available publicly online.
"We are working on figuring out exactly what happened here and obviously we're going to make this better," Hussein said.
Alberta's Office of the Information and Privacy Commissioner of Alberta said it is contacting PORTpass to remind them about reporting its privacy breach.
"Under Alberta’s Personal Information Protection Act (private sector privacy law), if an organization experiences a breach and determines that there is a real risk of significant harm to affected individuals, it must report the incident to the Commissioner and notify affected individuals," reads a statement from the province's privacy commissioner.
CTVNews.ca Top Stories
American millionaire Jonathan Lehrer denied bail after being charged with killing Canadian couple
American millionaire Jonathan Lehrer, one of two men charged in the killings of a Canadian couple in Dominica, has been denied bail.
LeBlanc says he plans to run in next election, under Trudeau's leadership
Cabinet minister Dominic LeBlanc says he plans to run in the next election as a candidate under Prime Minister Justin Trudeau's leadership, amid questions about his rumoured interest in succeeding his longtime friend for the top job.
Sports columnist apologizes for 'oafish' comments directed at Caitlin Clark. The controversy isn’t over
A male columnist has apologized for a cringeworthy moment during former University of Iowa superstar and college basketball’s highest scorer Caitlin Clark’s first news conference as an Indiana Fever player.
U.S. vetoes a widely supported UN resolution backing full membership for Palestine
The United States has vetoed a widely backed UN resolution that would have paved the way for full United Nations membership for the state of Palestine.
Grandparent scam suspects had ties to Italian organized crime, police allege
A group of suspects that allegedly defrauded seniors across Ontario and other parts of Canada using a so-called emergency grandparent scam appear to have ties to 'Italian traditional organized crime,' according to an investigator involved in the OPP-led probe.
Health Canada to change sperm donor screening rules for men who have sex with men
Health Canada will change its longstanding policy restricting gay and bisexual men from donating to sperm banks in Canada, CTV News has learned. The federal health agency has adopted a revised directive removing the ban on gay, bisexual and other men who have sex with men, effective May 8.
Prince Harry formally confirms he is now a U.S. resident
Prince Harry, the son of King Charles III and fifth in line to the British throne, has formally confirmed he is now a U.S. resident.
Cat found on Toronto Pearson airport runway 3 days after going missing
Kevin the cat has been reunited with his family after enduring a harrowing three-day ordeal while lost at Toronto Pearson International Airport earlier this week.
N.L. gardening store revives 19th century seed-packing machine
Technology from the 19th century has been brought out of retirement at a Newfoundland gardening store, as staff look for all the help they can get to fill orders during a busy season.