Gaping UK visa security hole unearthed

The security breach involved simply changing digits at the end of the URL

The personal data of millions of visa applicants can be easily unearthed online - simply by randomly altering a URL. That's according to a report by IT discussion blog DaniWeb. The issue is due to be featured by Channel 4 news tonight.

It's yet another IT-related embarrassment for the Government, which was also forced to axe the NHS recruitment website this week. The site was plagued by flaws, including a security breach that revealed the personal details of thousands of junior doctors. Thousands more were left without a job to go to.

The visa problem was highlighted when India resident Sanjib Mitra applied for a vista on a site run by the British High Commission and its transaction partner VFS India .

When he lost a great deal of the data he had entered into his browser, he attempted to recoup some by changing the numbers at the end of the URL. Instead he found he could actually view other applicants' personal data that had been entered on previous transactions.

The problem highlights the ease by which an identity thief or even a terrorist could get hold of detailed personal information simply by using a web browser.

VFS claims to handle three million customers per year on a global basis. Writer Davey Winder (who also contributes to our sister magazine PC Plus ), asked Uttram Lahiry, head of IT at VFS Global whether the problem was the same on all of VFS' worldwide visa application systems.

The curt response: "it has been resolved globally" would suggest that the visa site flaw - now fixed - was a worldwide problem. Not just an Indian one.

As Winder points out, many poorly-built websites have lax security. But you don't expect the one handling your visa application to have quite the same issue - or maybe you do, when the UK government is involved.

Contributor

Dan (Twitter, Google+) is TechRadar's Former Deputy Editor and is now in charge at our sister site T3.com. Covering all things computing, internet and mobile he's a seasoned regular at major tech shows such as CES, IFA and Mobile World Congress. Dan has also been a tech expert for many outlets including BBC Radio 4, 5Live and the World Service, The Sun and ITV News.

Latest in Software
Apple WWDC 2025 announced
3 things Apple needs to do at WWDC 2025 to save Apple Intelligence, and why I'm convinced it will
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
Youtube
YouTube Premium could be getting a new time-saving perk, showing you recommended videos directly in your playback queue
The Kiwi design K4 Boost Battery strap being worn by Hamish
I test VR headsets for a living, and this affordable headstrap is the first Meta Quest 3 accessory you should buy
Both Kiwi design G4 Pro Performance Controller Grips
I thought VR controller grips were pointless until this Meta Quest 3 accessory proved me wrong
The Kiwi design H4 Boost Halo Battery Strap
Want to upgrade your VR headset? Look no further than my new favorite Meta Quest 3 headstrap
Latest in News
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently making a major announcement about Avengers: Doomsday's cast on YouTube, and I think it's going to be a long-winded reveal
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Samsung Galaxy S25 Edge colors seemingly revealed in new video, and there’s another sign of an imminent launch