Passport Canada Suffers Personal Data Loss
The Canada Passport office's website was found to contain a security loophole that allowed unauthorized access to information relating to private data of applicants seeking new passports. The stolen information includes dates of birth, driver's license numbers and social insurance numbers.
The security breach on the website of the federal government was discovered in the end week of November 2007 when Jamie Laning, an IT worker who noticed that on changing a letter in the URL, he was able to view other applicants' forms. 47-year-old Laning drew the attention of Passport Canada to the problem, which then took the site offline. Citynews published this on December 4, 2007.
According to Passport Canada, it did not take much time to resolve the problem and they were able to get the website back on the Net. However, the site had a risk of being compromised again. This implied Passport Canada was not serious about the security breach and their declaration that the site was secured indicated either their arrogance or incompetence.
Spokesman Colin McKay for Canada's Office of the Federal Privacy Commissioner said that the weakness in the system was a matter of concern as it exposed crucial personal information to easy viewing by anybody. The office was always concerned when agencies did not fully adopt all the possible security measures. This was especially true for Passport Canada that handled key documents. Theglobeandmail published McKay's statement on December 4, 2007.
Two similar breaches relating to personal information had preceded the Canada Passport incident. On November 21, 2007, the government passed a law that termed it a crime to collect, possess or circulate people's identification details that resulted in a crime.
The incident with Passport Canada is the most recent instance of a major government agency encountering problem in protecting the personal information of its citizens. In November 2007, the Chancellor of the Exchequer accepted it as true that the Revenue and Customs of Her Majesty faced a security breach of child benefit data for 25 Million people. In another instance, the US Department of Veteran Affairs allowed exposure of records of 25.6 Million people after a laptop was stolen.
» SPAMfighter News - 15-12-2007