OTTAWA (Reuters) - Canada’s passport office has fixed a security flaw in its Web site that allowed computer users to access the personal data of passport applicants, officials said on Tuesday.
The Globe and Mail newspaper said an Ontario man had discovered last week that by changing one character in the Internet address displayed on his Web browser, he could view the application forms of others.
Foreign Minister Maxime Bernier said his officials had immediately contacted the head of Passport Canada to make their concerns known.
“Yes, what happened last week was serious, and we were assured today that ... the problem has been sorted out and that Passport Canada’s Web site is now one of the most secure (of its kind),” he told Parliament.
The Globe said the Ontario man easily found the social insurance number, driver’s license number and home address of another man -- just the kind of information that would be sought by identity thieves.
A spokesman for the passport office said on Tuesday the Web site’s security systems had been strengthened.
“This issue has now been resolved,” said Fabien Lengelle.
He said the Web site only stored information temporarily and that the files the Ontario man had accessed were those of people making applications via the Internet at the same time.
“He only accessed a portion of the application, not the entire application ... we believe this is an isolated anomaly,” said Lengelle.
Two weeks ago, the federal government unveiled draft legislation to crack down in identity theft, a crime it said could cost Canadians C$2 billion a year.
Reporting by David Ljunggren; Editing by Rob Wilson