Thu | Mar 4, 2021

Full Text | Government initiates criminal investigation into 'alleged data breach'

Published:Thursday | February 18, 2021 | 8:07 PM

The government says it has initiated a criminal investigation into the security vulnerability associated with the JAMCOVID app.

On Wednesday, the Ministry of National Security reported that a security vulnerability associated with the file storage service on the JAMCOVID-19 application was discovered on Tuesday.

Persons entering Jamaica are required to seek travel authorisation on the Government’s JAMCOVID website.

The Ministry says the security vulnerability was immediately rectified upon discovery.

In a statement today, the Ministry said the database is hosted on an AWS cloud server account owned by the Government of  Jamaica. 

It added that an independent review has been commissioned of the security of the system and that the results of  this review are expected within the next 24 hours.

"The systems of the Passport, Immigration and Citizenship Agency were not in any way affected, compromised or exposed by the vulnerability. When a security vulnerability is identified in respect of a Government system, the Government has a duty to investigate and rectify it. Under Jamaican law, we also have a 
duty to ensure that any unauthorised access to data is investigated and prosecuted," the statement read.

It continued: "Under section 3 of the Cybercrimes Act, 'any person who knowingly obtains, for himself or another person, unauthorised access to any program or data held in a computer commits an offence'. The matter has therefore been referred to the Communication Forensics and  Cybercrime Unit of the Jamaica Constabulary Force and the Major Organised Crime and  Anti-Corruption Agency for further investigation."

The Ministry noted that the Government is assuring all travellers that it takes data privacy and security extremely seriously and remain committed to stringent security protocols in keeping with local and international standards. 

The government said it stands by the JAMCOVID-19 application as it has been a critical element of the Controlled Entry programme and has served Jamaica well in the management of the pandemic.

"The identified vulnerability has been rectified and the security  protocols around the application will continue to be monitored to ensure that they meet the highest standards," the Ministry said.

See full text below: 

Further to the Press Release issued on February 17, 2021, regarding the security vulnerability associated with the JAMCOVID-19 application, the Government of Jamaica wishes to provide the following additional information from the ongoing investigation:

 - The database is hosted on an AWS cloud server account owned by the Government of Jamaica. 

 -  An independent review has been commissioned of the security of the system. Results of this review are expected within the next 24 hours.

 - The systems of the Passport, Immigration and Citizenship Agency were not in any way affected, compromised or exposed by the vulnerability. 

 - When a security vulnerability is identified in respect of a Government system, the Government has a duty to investigate and rectify it. Under Jamaican law, we also have a duty to ensure that any unauthorised access to data is investigated and prosecuted.

Under section 3 of the Cybercrimes Act, “any person who knowingly obtains, for himself or another person, unauthorised access to any program or data held in a computer commits an offence”. The matter has therefore been referred to the Communication Forensics and Cybercrime Unit of the Jamaica Constabulary Force and the Major Organised Crime and Anti-Corruption Agency for further investigation.

The Government of Jamaica wishes to assure all travellers and the public in general that we take data privacy and security extremely seriously.

The Government of Jamaica stands by the JAMCOVID-19 application. The application has been a critical element of our Controlled Entry programme and has served us well in our management of the pandemic. The identified vulnerability has been rectified and the security protocols around the application will continue to be monitored to ensure that they meet the highest standards.

Follow The Gleaner on Twitter and Instagram @JamaicaGleaner and on Facebook @GleanerJamaica. Send us a message on WhatsApp at 1-876-499-0169 or email us at onlinefeedback@gleanerjm.com or editors@gleanerjm.com.