Calgary third-party vaccination verification app pulls web portal after users' data left unsecured
A third-party vaccine verification app that was initially endorsed by the Calgary Flames' ownership group left some users' data unsecured and available to be viewed by the public, CTV News has confirmed.
The website app of Calgary-made PORTpass was pulled offline late Monday and its website now says "we are updating" on its landing page.
A news tip sent to CTV News and other media outlets on Monday evening pointed out the security flaw that allowed anyone to access profile information of PORTpass users.
The pages displayed the name, email address, blood type, postal code, date of birth and phone number of registered PORTpass users. The page also contained a link to the photo identification submitted by a user, including their driver's licence or passport.
FLAMES FANS: BRING HARD COPIES
Calgary Sports and Entertainment Corporation (CSEC) -- the group that owns the Flames, Stampeders, Roughnecks and Hitmen -- had initially encouraged fans to download PORTpass to provide easier entry into the Saddledome.
CSEC is now saying fans should bring hard copies of their vaccination records to future games.
"CSEC is reviewing issues that have arisen with respect to the use of the PORTpass app and will release further information as appropriate," a statement on the Flames' website reads.
PORTpass CEO Zakir Hussein says he ordered his team to take down their web portal Monday after he found out that user information was publicly available online.
"I'm waiting to hear back from our audit teams here to make sure... where are we going wrong? Where are these holes? What needs to get fixed?" Hussein said Tuesday.
He added that he has two companies auditing the PORTpass security and privacy systems and he is unsure of how many user profiles were affected by the breach.
"Personally, I don't know. I don't yet, but it was definitely not in the hundreds of thousands or thousands or five hundred," he said.
CTV News is unable to verify how many user profiles were affected and for how long their personal information would have been available publicly online.
"We are working on figuring out exactly what happened here and obviously we're going to make this better," Hussein said.
Alberta's Office of the Information and Privacy Commissioner of Alberta said it is contacting PORTpass to remind them about reporting its privacy breach.
"Under Alberta’s Personal Information Protection Act (private sector privacy law), if an organization experiences a breach and determines that there is a real risk of significant harm to affected individuals, it must report the incident to the Commissioner and notify affected individuals," reads a statement from the province's privacy commissioner.
CTVNews.ca Top Stories
Pedestrian, baby injured after stroller struck and dragged by vehicle in Squamish, B.C.
Police say a baby and a pedestrian suffered non-life-threatening injuries after a vehicle struck a baby stroller and dragged it for two blocks before stopping in Squamish, B.C.
Demonstrators kicked out of Ontario legislature for disruption after failed keffiyeh vote
A group of demonstrators were kicked out of the legislature after a second NDP motion calling for unanimous consent to reverse a ban on the keffiyeh failed to pass.
Tom Mulcair: Park littered with trash after 'pilot project' is perfect symbol of Trudeau governance
Former NDP leader Tom Mulcair says that what's happening now in a trash-littered federal park in Quebec is a perfect metaphor for how the Trudeau government runs things.
RCMP uncovers alleged plot by 2 Montreal men to illegally sell drones, equipment to Libya
The RCMP says it has uncovered a plot by two men in Montreal to sell Chinese drones and military equipment to Libya illegally.
Government agrees to US$138.7M settlement over FBI's botching of Larry Nassar assault allegations
The U.S. Justice Department announced a US$138.7 million settlement Tuesday with more than 100 people who accused the FBI of grossly mishandling allegations of sexual assault against Larry Nassar in 2015 and 2016, a critical time gap that allowed the sports doctor to continue to prey on victims before his arrest.
Man wanted in connection with deadly shooting in Toronto tops list of most wanted fugitives in Canada
A 35-year-old man wanted in connection with the murder of Toronto resident 29-year-old Sharmar Powell-Flowers nine months ago has topped the list of the BOLO program’s 25 most wanted fugitives across Canada, police announced Tuesday.
Doctors ask Liberal government to reconsider capital gains tax change
The Canadian Medical Association is asking the federal government to reconsider its proposed changes to capital gains taxation, arguing it will affect doctors' retirement savings.
Pro-Palestinian protests roiling U.S. colleges escalate with arrests, new encampments and closures
The student protests of Israel's war with Hamas that have been creating friction at U.S. universities escalated Tuesday as new encampments sprouted and some colleges encouraged students to stay home and learn online, after dozens of arrests across the country.
Tabloid publisher says he pledged to be Trump campaign's 'eyes and ears' during 2016 race
A veteran tabloid publisher testified Tuesday that he pledged to be Donald Trump 's 'eyes and ears' during his 2016 presidential campaign, recounting how he promised the then-candidate that he would help suppress stories that had the potential to harm the Republican's election bid.