Holy oops! Passport Canada’s website was breached last week due to a flaw in the site.
From Globe & Mail:
A security flaw in Passport Canada’s website has allowed easy access to the personal information – including social insurance numbers, dates of birth and driver’s licence numbers – of people applying for new passports.
The breach was discovered last week by an Ontario man completing his own passport application. He found he could easily view the applications of others by altering one character in the Internet address displayed by his Web browser.
“I was expecting the site to tell me that I couldn’t do that,” said Jamie Laning of Huntsville. “I’m just curious about these things so I tried it, and boom, there was somebody else’s name and somebody else’s data.”
That data included social insurance numbers, driver’s licence numbers and addresses.
And to think…I was going to update mine this weekend. Yipes.
Canadian law does not require organizations to disclose when they’ve suffered security breaches. In the United States the majority of states have enacted legislation requiring organizations to disclose security breaches within a specified period of time.
I would say that time is up. Time for some disclosure discussions.
[tags]Passport Canada Breach, Passport Website Breached, Privacy Breach[/tags]