VFS Global, which provides visa services on behalf of the UK, released online application forms that allowed users to access other people’s data by mistake
A contractor that provides visa services on behalf of governments around the world, including the UK, has suffered a serious technical glitch that allowed personal data to be compromised. VFS Global, which acts for around 45 governments, released online application forms this week that used sequential reference numbers, allowing users to access other people’s private information by mistake.
Users could see the personal information of other applicants, including their date of birth, passport details and addresses, if they mistakenly input the ID number of another person when logging into the system. The issue was resolved when customers complained about the flaw. The issue was limited to visa application forms for Italy, VFS said, but as many as 50 people were in danger of having their personal information compromised before the issue was fully addressed.