World NewsCanada

Alberta MLA Ordered to Pay $7,200 After Hacking COVID Vaccine Portal to Prove Flaws

Save
Alberta MLA Ordered to Pay $7,200 After Hacking COVID Vaccine Portal to Prove Flaws
Edmonton-Southwest MLA Thomas Dang (C) pictured on May 12, 2015. (Amber Bracken/The Canadian Press)
Marnie Cathcart
11/29/2022
Updated:
11/29/2022

EDMONTON—Independent Alberta MLA Thomas Dang was sentenced Tuesday to a $7,200 fine after admitting to hacking provincial COVID-19 vaccine records. Dang, 27, pleaded guilty on Nov. 4 to a charge of illegally attempting to access private information, which was laid under the province’s Health Information Act.

Dang, formerly with the NDP, was sentenced by Judge Michelle Doyle in the Provincial Court of Alberta on Nov. 19. The judge had harsh words for the MLA. “Given the gravity of the offence, a sentencing court must impose a sentence that deters others from engaging in the sort of conduct that Mr. Dang engaged in. The sentence imposed must also send a message to the community that Mr. Dang’s conduct is to be denounced,” Doyle said.

Dang admitted that in September 2021, when vaccine passports were made mandatory in the province to access restaurants, gyms, movie theatres, and other activities deemed “non-essential,” he got a tip that there were loopholes in the vaccine portal on the government website.

He used former Premier Jason Kenney’s birth date and vaccination dates, which had been publicized, and gained access to the site, ultimately retrieving information belonging to a woman called Ms. AB in court. The woman was vaccinated in the same month as Kenney and had the same birth date.

Flaw in Portal

Dang said he told NDP staff, and the information was passed on to Alberta Health who then fixed the flaw in the website. RCMP later traced the web activity to Dang and showed up with a search warrant to access his computer.

Dang has a bachelor’s degree in cybersecurity from Western Governors University and a certificate in computing and information systems from Athabasca University.

“Mr. Dang did not reveal Ms. AB’s health records to anyone and the installed script [on his computer] did not seek information beyond the health number and COVID vaccination records,” the judge said.

She accepted that Dang intended “to provide Alberta Health with the means to prevent such unauthorized activities by others who may have had a nefarious purpose.”

Doyle also said Dang “lost sight of the larger context of his conduct” and it was “a backwards effort to protect the privacy of others.” The judge said he did not need to hack into a stranger’s vaccine records and betrayed trust in his position as an MLA.

Doyle sentenced him to pay $6,000 in fines under the Health Information Act charge, plus $1,200 for the Victims of Crime Fund. The maximum fine for an offence of this nature is $200,000.