Update | Samuda warns that no government database impenetrable
As the nation awaits the findings of an investigation into the exposure of thousands of files on the JamCOVID web portal, Jamaicans have been cautioned that no government database is impenetrable.
While acknowledging the magnitude of the data scare, Matthew Samuda, the minister under whose purview oversight falls, drew on information technology breaches in First-World countries.
“Even the United States Pentagon and Facebook itself have had their shares,” said Samuda, minister without portfolio in the Ministry of National Security.
Samuda said that advance work has been done to guard against penetration of government databases.
“We've significantly increased our monitoring of all GOJ IT infrastructure and we continue to improve our (online) security,” Samuda explained.
As part of the ongoing data probe, the Government had signalled that it would punish those found culpable of trespass.
But months after the first breach was revealed in mid-February, the minister said that there was no update immediately available on the state-sponsored probe.
“When there is something to update the country on, we will bring the updates, good, bad or indifferent,” said Samuda during a visit to Montego Bay last week.
The JamCOVID web portal was developed by the Amber Group and handed over to the Government to facilitate the phased re-entry of Jamaicans and international visitors into the island.
However, on Wednesday, February 17, American online newspaper TechCrunch revealed that the JamCOVID web portal, bearing a cloud storage server with uploaded documents, had been left unprotected, leaving thousands of files at risk on the Internet.
At that time, TechCrunch reported that more than 70,000 negative COVID-19 lab results, over 425,000 immigration documents authorising travel to the island – including identity and passport information – and more than 250,000 quarantine orders dating back to June 2020 were at risk.
Additionally, the server, which reportedly contained more than 440,000 images of travellers' signatures, exposed more than 1.1 million of those who had been placed in quarantine and uploaded self-check-in videos.
The Ministry of National Security said, in a February 18 statement, that when security vulnerabilities are identified, the Government has a duty to investigate that exposure.
“Under Jamaican law, we also have a duty to ensure that any unauthorised access to data is investigated and prosecuted,” the ministry said in a press statement then.
Editor's Note: An earlier version of this story suggested that Matthew Samuda said the outrage over the data exposure was overblown. Mr Samuda did reference data breaches of major databases but that statement ought not to have been interpreted as a verdict on public reaction. We regret the error.