A data breach affected Jamaica’s Covid-19 mobile application, leaving travellers’ information exposed and vulnerable. Called the JAMCOVID-19 application, Tech Crunch states the app was breached after a cloud storage server was left unprotected by the government contractor.
The cloud storage server found under Amazon Web Services (AWS) was left exposed by a government contractor hired by Jamaica. Called the Amber Group, the technology firm in question supposedly left the server without a password.
The JAMCOVID-19 application is currently being used by the Jamaican government to keep track of the number of people who have the virus. Fox News states the website allows individuals to provide information about their illness and the symptoms they are experiencing.
Amber Group’s exposed server contained the negative results of more than 70,000 Covid-19 cases, as well as more than 425,000 immigration documents of individuals that were allowed to travel to Jamaica in the past year.
According to Fox News, among the data compromised by the server include the names of travellers, their corresponding passport numbers, as well as their dates of birth.
Tech Crunch states that quarantine orders that total more than 250,000 that dates back to June 2020 were also found on the said database. The images of travellers’ signatures were also found on the exposed server, with these exceeding 440,000.
Of these details, Tech Crunch states that thousands of Americans’ data were also compromised. The lab results of two American Travelers told the news site in an interview that they were required to upload their Covid-19 results before being given a travel authorization.
Besides this, check-in videos required by the Ministry of Health, have also been exposed. These short check-in clips that provide daily updates to the department exceed more than 1.1 million.
Following the security incident, the government of Jamaica issued a statement saying, “A thorough investigation was immediately initiated to determine if there were any breaches in travellers’ data security if the vulnerability had been exploited and if there was a breach of any laws. At present, there is no evidence to suggest that the security vulnerability had been exploited for malicious data extraction prior to it being rectified.”
Apart from this, the Jamaican government also maintained that they have notified possibly affected parties whose information might have been compromised in the incident. A patch has also been issued.
While Tech Crunch and Fox News have reached out to Amber Group for comment, the technology company has failed to return or make a statement about the issue.