The Northern Ireland vaccine passport system data leak

August 2, 2021
Northern Ireland vaccine passport system data leak

An unintentional or intentional data leak is a vast cyber threat matter that public and private organizations face. Once data is compromised, disruptions in the operations happen. Downtime is a typical course scenario that occurs when a company encounters a data leak that may damage reputation and productivity interruptions. 


Recently, the Northern Ireland’s Department of Health (DOH), a Northern Irish government department, suffered a data leak incident that affected its COVID 19 vaccine certification online.  


The Covid 19 certification of Northern Ireland’s Department of Health (DOH) allows fully vaccinated individuals to get a Covid certificate to prove their covid vaccination status. The details can be accessed via the website or thru COVIDCert NI mobile application for android and IOS users. The data leak allows a few users of the website and mobile application to see the data of other users, causing them to stop the operations. 

This incident has been reported in the United Kingdom’s Information Commissioner’s Office (ICO), an independent authority that maintains the information rights in individuals’ public interest and data privacy. The Northern Ireland’s Department of Health (DOH) immediately mitigated the data leak and assured that users would typically use the services once the system is restored. 

Northern Ireland’s Department of Health (DOH) also announced a list of notice for the unaffected individuals, as follows:  

  • The users (currently up to and including 31/07) who previously have a copy of their certificate will not be affected. The applications and paper copies are still operational. 
  • Applications from the online portal to 31/07 who did not receive their downloadable PDF file yet will not be affected. The PDF file will be distributed. 
  • Applications will not be affected from the mobile application COVIDCert IN to 31/07 who did not receive their electronic certificate yet. The PDF will be distributed as an interim process. 
  • Applications who requested an electronic certificate to 31/07 and received a PDF copy instead will be able to log in and download the electronic certificate after the issue is resolved. 
  • Applications that are currently undergoing validation in their identity in the NIDirect workflow will continue. After the validation process, users will need to wait until the issue is resolved. 


Users may also experience a locked account error through their NIDirect account due to technical issues. 

The investigations regarding the Northern Ireland’s Department of Health (DOH) data leak incident are still ongoing, and users applications may be processed manually. 

The health information privacy of an individual is complex and essential. Cybercriminals tend to target the healthcare industry as the patient’s personal and health information is valuable. Protecting personal and health information can prevent harm and preserves the rights of an individual. Preventing the privacy invasion and securing the data’s confidentiality helps keep the records safe from modification, unauthorized access, and dissemination of information. 

About the author

Leave a Reply