Warning after French president’s health pass QR code revealed online

Warning after French president's health pass QR code revealed online
Photo: John Thys /AFP
French President Emmanuel Macron’s confidential health pass QR code was leaked on social media on Tuesday, a week after Prime Minister Jean Castex’s health pass information was publicly revealed, prompting warnings over personal data protection. 

Macron’s details – including his date of birth, date of vaccination and the manufacturer of the vaccine used – were uploaded to social networks after photographs of it being scanned as part of a routine check were published. Users were able to zoom in on details contained in the photograph.

The Élysée confirmed to Europe1 that the President’s code was authentic, and that ‘special arrangements’ would be made to protect his data and prevent fraudulent use of his health pass code. 

ALSO READ How safe is your personal data in France?

(article continues below)

See also on The Local:

This latest breach comes months after President Macron’s mobile phone number was confirmed to be on a spyware list.

Last week, Mathis Hammel, cybersecurity research and development director at Sogeti, revealed that he had obtained the Prime Minister’s vaccination QR Code simply by zooming in on a press photograph of Castex while he was having his phone scanned, revealing information including his date of birth and the vaccine used.

While it is unlikely most people would attract press interest at the level of the President of France or his Prime Minister, individuals have been warned not to post photos on social media in which their health pass code is visible.

The Prime Minister’s office told Le Figaro that Castex’s health pass details had been compromised: “This gentleman did have access to the health pass thanks to a photo of Jean Castex, and then used it. 

“Although the Prime Minister is regularly followed and photographed by the press, this episode shows that the health pass is a confidential document.”

Castex’s leaked QR code has since been deactivated – but not before, it is believed, it was fraudulently used to gain access to venues that demand health passes but are legally not allowed to confirm pass holders’ identity.

Fraudulent use of another person’s health pass is punishable in the first instance by a fine of up to €750, according to the service-public.fr website, rising to six months in prison and €3,750 for repeated offences.

Officials were quick to point out that other information revealed in the photograph, though personal, amounted to a minor data breach.


Member comments

Become a Member to leave a comment.Or login here.