21 May 2007
The Foreign and Commonwealth Office has shut down its online application system run by visa service VFS Global after a reported security breach last week.
Lord Triesman, secretary of state for foreign and Commonwealth affairs, made a statement on the reported security breach of the VFS visa application web site.
'Security is paramount in our visa system. We will conduct an immediate thorough and independent investigation into this reported breach of one of our commercial partners' systems. The outcome will be made public. The VFS web site application service has been shut down,' he said.
'The VFS system is not a government web site or connected to any UK government information system or web site. No government web site has been compromised.'
To combat identity fraud all visa applicants will be finger-printed in future. This system is currently being developed and is expected to be rolled out by 2008.
It emerged last week that online applications for visas could be seen by other applicants by making a simple change in the browser's URL address. Applicants' phone numbers, addresses and social security numbers were allegedly open to identity fraudsters.
"Applicants' phone numbers, addresses and social security numbers were allegedly open to identity fraudsters."
There is no allegedly about it. As the journalist who did the original investigation, including hacking the visa application site to get evidence of the breach, I can assure you that information including passport numbers, addresses, spouse and children's names, employment history and detail, travel details, dates of birth and so forth was available to anyone who wanted to go look. All that was required was the ability to change a few numbers at the end of a URL, strikingly similar to the whole NHS MTAS system scandal in fact.
The Lord Triesman statement is misleading in that, in the full statement, he claims the breach only impacted upon users of the Opera web browser client. VFS Global tried to fob me off with this during my investigation, and told Channel 4 News the same thing when I was helping them to produce their coverage of the breach.
Odd then, that the screenshots showing applicants' details from the VFS database, and broadcast during that Channel 4 item, clearly show that I was using Firefox at the time.
The big story here, though, is the fact that the breach was first reported to the FCO and VFS Global a year ago by a concerned Indian citizen and nothing was done about it. It took just 24 hours for them to get the hole secured after I reported it; perhaps the knowledge that I was going public with the news after 24 hours helped to focus their attention.
Or maybe the big story should be that the company entrusted to handle the biometric visa applications in India, and other regions, is none other than VFS Global. So that's OK then, I feel really comfortable knowing that such a safe pair of hands will be in charge.
The full story, including the Channel 4 News footage video, can be seen here:
http://www.channel4.com/news/articles/business_money/online+visa+security+flaw/517157
Posted by: Davey Winder 22 May 2007