SALT LAKE CITY (ABC4) – Users of Docket, an app available to Utah and New Jersey residents to store their COVID-19 vaccine information, fell victim to a bug that made their vaccine records available to anyone.
The Utah Department of Health, as well as officials in New Jersey, have endorsed the Docket mobile phone app to store and access immunization records. Through Docket, UDOH explains, users can review past immunization reports, track upcoming shots, and share official immunization reports.
Earlier this week, TechCrunch reports they found a bug on the app that allowed anyone to access the scannable QR codes of other vaccinated users, with all personal and vaccine information within. Docket allows users to share their vaccine records via the QR code to get into events, restaurants, or other venues requiring the COVID-19 vaccine.
With the bug, Docket allowed anyone to access the names, dates of births, and information about a person’s COVID-19 vaccination status, according to TechCrunch. After the outlet reported the bug to Dockett, they report the bug was fixed at the server level a short time later. Docket Chief Executive Michael Perretta told TechCrunch the company was reviewing its logs to determine if there was any malicious activity.
Docket has not yet returned ABC4’s request for comment. A tweet posted to their Twitter account late Wednesday night says the platform has “been hard at work squashing bugs.”
Tom Hudachko, Director of Communications with UDOH shared the below statement with ABC4:
The Utah Department of Health is committed to ensuring the privacy of Utah residents and expects its contractors and partners to maintain the same commitment. Docket notified us earlier this week of a bug within its system that could potentially allow users to access the personal information of other users. Docket has assured us they have identified what caused the bug and have resolved this issue.
We are working with Docket, and our own data security teams to identify any users that may have had their information inappropriately shared and provide appropriate notification to those individuals.
The Docket application has undergone a thorough security review by the Centers for Medicare and Medicaid Services and the Office of the National Coordinator for Health Information Technology.
Hudachko says they have only found one user whose records were inappropriately accessed. The number of Utahns using the app was not immediately available.