Swiss DPA probes vaccine website for possible data security breach

2021-03-26T08:19:00+00:00

No comments

The Federal Data Protection and Information Commissioner (DPIC) in Switzerland is probing a possible data security breach by a website that allows people to voluntarily upload an electronic version of their vaccination record.

The action against Foundation Mesvaccins follows an investigation by online magazine Republik.ch which reported vaccination data for 450,000, including 240,000 people vaccinated against Covid-19, were openly accessible and vulnerable to manipulation.

The free service allows people to create an electronic version of their paper vaccination record to ensure they are kept up to date.

However, it has now emerged that it was possible for unauthorised people to bypass checks intended to ensure only registered doctors or pharmacists could access the information in the vaccination records.

A DPIC statement said the commissioner considers the data protection violations “plausible”.

The statement said: “Those responsible at the foundation are now requested to respond to the commissioner very quickly on the allegations raised…in addition, the agent expects information about any data loss.”

Foundation Mesvaccins said it has been made aware of weaknesses in the website with possible unauthorised registration.

It added: “The registration of specialists was always carried out only after a manual check. This check ensured that only doctors or pharmacists trained in the field of vaccinations were given access.

“However, it has now became apparent that it was possible to circumvent this manual check with certain tricks.

“The security of the mesvaccins.ch platform is our top priority. We are therefore always grateful when we are informed directly about weak points. On the technical side, the reported weaknesses were fixed immediately.”

The Foundation is now analysing the vulnerabilities’ effects to determine if falsified vaccination cards or user accounts have been created.

The service – which is offered in French, German, Italian and English – will be offline while that work is carried out. “At the present time, we assume that the identified vulnerabilities were not misused and therefore did not result in any real risk to the protection of users’ data,” the Foundation added.

Register for free to receive the latest data protection and privacy news and analysis straight to your inbox

Topics

No comments

Article
US utilities struggling to meet demand of energy-thirsty AI

2024-04-19T11:53:00Z

In the US, demands for power are outstripping availability as energy-thirsty technologies such as generative AI pile pressure on national electrical systems.
Article
Banks poised for increased risk due to AI

2024-04-19T09:06:00Z

A leading banking regulator has issued a stern warning over the risks that financial institutions face as they move to integrate artificial intelligence (AI) and machine learning (ML) into governance operations.
News
Chicago Gears Up for GRC Connect: Sharpen Skills, Network, and Navigate the Future of GRC

2024-04-15T11:39:00Z By Jonathan Sumner, Chief Digital & Marketing Officer, GRC World Forums.

Get ready, Chicago! GRC Connect kicks off tomorrow, bringing together the brightest minds in governance, risk management, and compliance (GRC) for two days of insightful learning, valuable networking opportunities, and expert guidance on navigating the ever-evolving GRC landscape.