17 July 2015
Users' data compromised after technical glitch at Home Office contractor
By Saeed Kamali Dehghan
Following the discovery of a security breech in VFS Global by the head of the Financial Services practice at DataArt UK, The Guardian ran a story highlighting the glitches in the system of the global visa services provider and offering commentary from Alexey Utkin & Dmitry Bagrov, Managing Partner at DataArt UK.
"Users could see the personal information of other applicants, including their date of birth, passport details and addresses, if they mistakenly input the ID number of another person when logging into the system… The UK Home Office is among many European government departments that have outsourced technology services to VFS for their diplomatic missions abroad.
Two Russian nationals living in the UK… who are technology consultants, immediately realised the seriousness of the issue. Dmitry Bagrov, managing director of DataArt UK, told the Guardian he didn’t believe the issue was due to a bug, but rather “because whoever designed this system has not even thought about protecting my data”. He said he has never had any problems with UK authorities. He added: “This is beyond stupid. This is just taking your customers as an annoyance, comfortable in the knowledge that you have a long-term contract regardless of how you work.”
Alexey Utkin, head of financial practice at DataArt UK, said: “The global visa processing company VFS Global has always been a huge pain from the customer experience perspective on a website, utter confusion.” He added that it was “totally insane” that he could access anyone’s forms by just inputting an application number. Numbers were sequential, and while he was trying to find the application for his son, he was able to access the applications of many others. “They simply didn’t put in any protection. I left feedback to them, but they’re huge and in my view totally incompetent. Fifteen hours later, it was still not secure, last time I checked. You would assume they should know about data protection – they’re trusted by governments worldwide,” he said."