Northern Ireland’s online vaccine passport system (COVIDCert NI) has been temporarily suspended following a data leak. The incident underscores people’s concerns about privacy with digital vaccine certification systems.
Northern Ireland’s Department of Health (DoH) announced the data leak and the suspension of the COVIDCert NI service. The department said some users of the service were shown data of other users, in some circumstances. At the time of writing, both the web portal and mobile app of the system were not working.
Related: NY vaccine pass is plagued with privacy failures as anyone can access someone else’s health records
After becoming aware of the incident, Northern Ireland’s DoH reported the issue to the UK’s Information Commissioner’s Office. Northern Ireland is among the four countries that are part of the United Kingdom.
In a statement published, the DoH said: “The Department of Health takes the privacy of citizen’s data very seriously and contact has been made with the Information Commissioner’s Office (ICO) as part of due diligence in protecting citizen’s data.”
“Immediate action has also been taken to temporarily remove a part of the service that manages identity.”
The department also published a list of parties not affected by the incident, such as those who used the online portal to apply for a downloadable PDF and/or digital certificate and are yet to receive it, as well as those who had already received their certificates.
The DoH, however, is yet to say how many users were affected by the data leak.
Some may argue that the incident was small, but it underscores concerns about data privacy when using online digital vaccination certification systems.
The systems hold a lot of personal data, which bad actors would kill for. Back in May, Northern Ireland’s neighbor Ireland reported a ransomware attack on its public healthcare system, where the ransom was $20 million.
