Gaping UK visa security hole unearthed

The security breach involved simply changing digits at the end of the URL

The personal data of millions of visa applicants can be easily unearthed online - simply by randomly altering a URL. That's according to a report by IT discussion blog DaniWeb. The issue is due to be featured by Channel 4 news tonight.

It's yet another IT-related embarrassment for the Government, which was also forced to axe the NHS recruitment website this week. The site was plagued by flaws, including a security breach that revealed the personal details of thousands of junior doctors. Thousands more were left without a job to go to.

The visa problem was highlighted when India resident Sanjib Mitra applied for a visa on a site run by the British High Commission and its transaction partner VFS India.

When he lost a great deal of the data he had entered into his browser, he attempted to recoup some by changing the numbers at the end of the URL. Instead he found he could actually view other applicants' personal data that had been entered on previous transactions.

The problem highlights the ease with which an identity thief or even a terrorist could get hold of detailed personal information simply by using a web browser.
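The flaw described above is a record lookup keyed on a guessable number with no check that the record belongs to the person asking. The following is an added example, not code from VFS or from the original report; the record layout, function names and alert threshold are assumptions. It contrasts that lookup with one that ties each record to the logged-in applicant, uses a random reference, and counts refusals so repeated probing can be flagged.

```python
import secrets
from collections import Counter

class NotFound(Exception):
    """Raised for both missing and not-owned records, so replies look the same."""

by_seq = {}           # flawed design: records keyed by a guessable counter
by_ref = {}           # hardened design: records keyed by a random reference
denied = Counter()    # refused lookups per session user, for alerting
ALERT_THRESHOLD = 3   # assumed value; tune to real traffic

def create_application(owner, details):
    """Store one application under both key styles (constructed data only)."""
    record = {"seq": len(by_seq) + 1, "ref": secrets.token_urlsafe(16),
              "owner": owner, "details": details}
    by_seq[record["seq"]] = record
    by_ref[record["ref"]] = record
    return record

def view_vulnerable(seq):
    # The number taken from the URL is the only input; caller identity is ignored.
    return by_seq.get(int(seq))

def view_hardened(session_user, ref):
    # Authorize against the server-side session, never against the URL alone.
    record = by_ref.get(ref)
    if record is None or record["owner"] != session_user:
        denied[session_user] += 1
        raise NotFound("application not found")
    return record

def should_alert(session_user):
    """True once a session has been refused ALERT_THRESHOLD times."""
    return denied[session_user] >= ALERT_THRESHOLD

if __name__ == "__main__":
    a = create_application("applicant_a", "constructed sample A")
    b = create_application("applicant_b", "constructed sample B")
    # Flawed path: the next number up returns another applicant's record.
    print("vulnerable:", view_vulnerable(a["seq"] + 1)["owner"])
    # Hardened path: the same cross-account request is refused and counted.
    for _ in range(ALERT_THRESHOLD):
        try:
            view_hardened("applicant_a", b["ref"])
        except NotFound:
            pass
    print("alert for applicant_a:", should_alert("applicant_a"))
```

The random reference only makes guessing impractical; the ownership check is what stops one applicant from reading another's record.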

VFS claims to handle three million customers per year on a global basis. Writer Davey Winder (who also contributes to our sister magazine PC Plus) asked Uttram Lahiry, head of IT at VFS Global, whether the problem was the same on all of VFS' worldwide visa application systems.

The curt response, "it has been resolved globally", would suggest that the visa site flaw - now fixed - was a worldwide problem, not just an Indian one.

As Winder points out, many poorly-built websites have lax security. But you don't expect the one handling your visa application to have quite the same issue - or maybe you do, when the UK government is involved.

