Officials are working to restart the platform after it was forced to close – just hours after it was launched.
The government had announced that Covid-status certificates were to be made available on smartphones, with QR codes that can be used in ‘certain limited situations’. The codes were supposed to be able to be used in Wales and Scotland, which each have their own Covid passes for large-scale events and nightclubs, and in France for the Pass Sanitaire scheme.
A government spokesperson said: ‘Officials have been working through the night with Microsoft to investigate the system flaw raised yesterday evening.
‘This flaw does not lie with Yoti, but is rather a loophole with the platform that would allow someone with the date of birth and social security number of another Islander to access their vaccine certificates.
‘We are continuing to work with Microsoft to close this loophole and make the platform available again.’
In a post on social media, the Cyber Security Centre for Jersey said: ‘Yesterday we were made aware of a security vulnerability with the government’s digital passport system. We reported this to government and were advised action was being taken, which subsequently included suspending access to the service.
‘We have offered our support to officers working on the issue and will be seeking assurance that there is no ongoing risk to Islanders.
‘We encourage anyone identifying potential vulnerabilities in Island systems to follow this example and report them promptly to the responsible organisation or to us so that action can be taken.’
