Technology news site TechCrunch revealed that a privately-run website branded ‘UK Visa Portal’ left an Amazon S3 bucket containing more than 100,000 passport photos and applicant selfies wide open to the internet.
![Security lapse exposes 100,000 UK visa applicants’ passports and selfies]()
Travelers who still want expert help without risking data exposure can turn instead to established platforms like VisaHQ, whose secure UK portal (https://www.visahq.com/united-kingdom/) provides step-by-step guidance for ETA and visa applications while keeping uploaded documents encrypted and fully compliant with data-protection rules.
The breach was discovered by an anonymous researcher, who said a back-end flaw allowed the full directory of images to be enumerated. UK Visa Portal markets paid ‘assistance’ for Electronic Travel Authorisation (ETA) and other applications but has no formal link to the Home Office. Victims—many of whom believed they were using an official channel—had uploaded highly sensitive ID documents that included embedded geolocation data precise enough to reveal home addresses. After TechCrunch contacted the company, the files were quietly secured, but the operator—apparently a UAE-registered entity called Active Leadgen LLC—responded through lawyers rather than issuing a public notice or committing to regulator notification. Cyber-security experts warn that the leak increases the risk of identity theft and could be exploited to forge travel documents or facilitate social-engineering attacks against travellers and their employers. Under UK GDPR and the EU’s Digital Services Act, organisations that process personal data of EU or British residents must report serious breaches within 72 hours. Failure to do so can trigger fines of up to 4 per cent of annual global turnover. Data-protection lawyers say the Information Commissioner’s Office is likely to open an investigation if victims file complaints. Practical take-away: global mobility managers should remind assignees and business travellers to use only the official GOV.UK channels or reputable immigration advisers when applying for ETAs and visas, and to be wary of look-alike sites that rank high in online ads.
Travelers who still want expert help without risking data exposure can turn instead to established platforms like VisaHQ, whose secure UK portal (https://www.visahq.com/united-kingdom/) provides step-by-step guidance for ETA and visa applications while keeping uploaded documents encrypted and fully compliant with data-protection rules.
The breach was discovered by an anonymous researcher, who said a back-end flaw allowed the full directory of images to be enumerated. UK Visa Portal markets paid ‘assistance’ for Electronic Travel Authorisation (ETA) and other applications but has no formal link to the Home Office. Victims—many of whom believed they were using an official channel—had uploaded highly sensitive ID documents that included embedded geolocation data precise enough to reveal home addresses. After TechCrunch contacted the company, the files were quietly secured, but the operator—apparently a UAE-registered entity called Active Leadgen LLC—responded through lawyers rather than issuing a public notice or committing to regulator notification. Cyber-security experts warn that the leak increases the risk of identity theft and could be exploited to forge travel documents or facilitate social-engineering attacks against travellers and their employers. Under UK GDPR and the EU’s Digital Services Act, organisations that process personal data of EU or British residents must report serious breaches within 72 hours. Failure to do so can trigger fines of up to 4 per cent of annual global turnover. Data-protection lawyers say the Information Commissioner’s Office is likely to open an investigation if victims file complaints. Practical take-away: global mobility managers should remind assignees and business travellers to use only the official GOV.UK channels or reputable immigration advisers when applying for ETAs and visas, and to be wary of look-alike sites that rank high in online ads.
