Wednesday 18 May 2022
Select a region
News

£15,000 to fix security glitch in digital covid certificate

£15,000 to fix security glitch in digital covid certificate

Monday 24 January 2022

£15,000 to fix security glitch in digital covid certificate

Monday 24 January 2022


The Government was forced to spend £15,000 on checking the safety of its digital covid certificate portal after security issues led to the shutdown of the original within hours of launching, Express can reveal.

Developed in-house by the Government’s ‘Modernisation and Digital Covid team’, the electronic certificate was launched on 20 October, allowing islanders to download a QR code to their smartphones, which would serve as proof of vaccination in countries with entry and internal restrictions.

However, that evening, it was withdrawn after a “system flaw” was discovered, which enabled anyone to use dates of birth and Social Security numbers to access others’ vaccine passports.

That threat had not been identified or tested in advance of the app launching.

Officials worked overnight alongside Microsoft to investigate the issues, but it was not until 17 December that the digital certificate was back up and running, although islanders could have received a PDF version of their QR codes during the two-month gap, as they can still now.

Express asked for details about what the problem was, and how much it had cost to rectify in December. Responding last week, a Government spokesperson said: “While no islanders had their vaccination record compromised from this risk, we needed to close this threat. Work to address this was simple, and relatively quick. 

“However, given the potential impact, an accredited third-party security testing company was recruited to run additional testing. Internal tests were then re-run, and an alternative release date was scheduled."

eiffeltower-paris-france.jpg

Pictured: Proof of vaccination is necessary to visit many restaurant, bars and attractions in Europe, including going up the Eiffel Tower in Paris.

“The only additional cost to the Digital Covid Status Certificate was in the region of £15,000 for the additional third-party testing, which will be carried out regularly as part of our standard procedures as the service is developed," they added.

“We continue to develop our testing capabilities as we continue to develop the digital certificate.

"However, it is standard industry practice to use third-party security testing companies to verify security measures.

“Record of a booster dose was included in the digital certificate when they were launched on 17 December 2021.”

Digital security breach hacker hack data protection.jpeg

Pictured: No one‘s data was compromised but a threat existed, the Government said.

A recent Freedom of Information request revealed that the digital certificate had been developed in-house, by the Government’s ‘Modernisation and Digital Covid Team’, which was put in place to handle all the technology developments required to support the covid response, along with a number of third-party suppliers.

The Government said it could not break down the cost of the digital certificate specifically as the team had worked on a number of projects at the same time. 

It did, however, add that it had not purchased any new software to deliver the electronic certificate.

Sign up to newsletter

 

Comments

Comments on this story express the views of the commentator only, not Bailiwick Publishing. We are unable to guarantee the accuracy of any of those comments.

Once your comment has been submitted, it won’t appear immediately. There is no need to submit it more than once. Comments are published at the discretion of Bailiwick Publishing, and will include your username.

Posted by Paul Richardson on
The Yoti platform still appears to not like to use the Government of Jersey QR codes!!
Posted by Scott Mills on
Someone get Deputy Wickenden on the IT bat phone, He'll have it sorted before Robin can Say "Zaaaaap" "Whaammmmm" "Boooooom".
To place a comment please login

You have landed on the Bailiwick Express website, however it appears you are based in . Would you like to stay on the site, or visit the site?