Privacy Breach In Canadian Passport Application Site

Joanna Karczmarek sends us news of a massive privacy breach in the Government of Canada passport website. "A security flaw in Passport Canada's website has allowed easy access to the personal information — including social insurance numbers, dates of birth and driver's license numbers — of people applying for new passports. ... The breach was discovered last week by an Ontario man completing his own passport application. He found he could easily view the applications of others by altering one character in the Internet address displayed by his Web browser."

Accidentally on purpose

[threaded]

I just don't get it: someone like me, when I work on such systems just see these kinds of problems and flag them.

So either: no one saw it (which I find very hard to believe), no one flagged it, or was it, as tends to happen: ignored by the clueless management to save money?

Then there is the tin-foil hat reason: they wanted to make it easy for peoples data to be stolen, much like has happened numerous times in the UK recently.