Passport Canada strengthens online security following breach

Passport Canada said Tuesday it has fixed a security flaw discovered last week in its online filing system that exposed sensitive personal information.

Fabien Lengelle, a spokesman for the federal agency, said the breach discovered by Jamie Laning of Huntsville, Ont., involved one file.

"He went on the site and he was playing with the numbers in the URL, in the address," Lengelle said. "He had to guess the number right to get access to another applicant's file. If you do that right now you'll get an error message."

The website is used as a temporary gateway, and no information collected is stored online, the agency said. The files Laning could see last week were those of other people using the gateway at the same time to make a passport application.

The federal agency has since beefed up its security system, consulting experts to protect against possible breaches.

"We've tested the system to make sure it's foolproof and we've also sought external help to ensure that applicants' information cannot be accessed through Passport Online," Lengelle said.

"Those who've used passport online in the past are covered, they are not at risk at all," he said.

The site was closed briefly on Monday for routine maintenance which was not related to the security flaw, Lengelle said.