Opposition calls for transparency on JAMCOVID breach

The Opposition is calling for transparency from the government surrounding the security breach associated with the JAMCOVID-19 application.

The application, developed by the Amber Group, allows users to enter personal data, including medical records, before they are given approval to enter the country.   

The application is also used to track the movement of those placed in quarantine.  

It was reported that more than 70,000 negative COVID-19 lab results, over 425,000 immigration documents – including identity and passport information – and more than 250,000 quarantine orders dating back to June 2020 were at risk.  

Opposition Spokesperson on Science, Technology and Commerce, Hugh Graham, says the Government and the Amber Group need to clear the air surrounding the JAMCOVID app quickly and with honesty and transparency.

Earlier this week oversees investigative reporters broke news that the data of nearly half a million people were left unprotected and was only rectified after direct contact was made with the contractors, the Amber Group of Companies.

“Everything we know right now has come from investigative reporting. Already, the information from the Government conflicts with the reports from tech experts, and this is causing alarm and deep concern in the public domain,” Graham said in a statement.

“We need clarity from the Ministries of Health and National Security about when they first learnt of the breach. The Ministry of National Security issued a statement on Wednesday indicating that they discovered the breach on Tuesday, February 16, 2021, yet the technical team that initiated contact with the Government claims to have alerted them from as early as February 13, 2021,” Graham said.

The opposition spokesperson is demanding that the Government and Amber Group explicitly outline the steps undertaken to cauterise the security vulnerability, and be truthful about steps taken to notify vulnerable people about the potential risks to themselves and their data.

The security ministry told the country that a security vulnerability associated with the file storage service on the JAMCOVID-19 application was discovered on Tuesday and was immediately rectified.  

And it also stated that the database is hosted on an Amazon Web Services cloud server account owned by the Government. 

“Is the Government really trying to tell the public that they already contacted everyone who was involved in the breach in just one night? That they’ve already identified every piece of data that was left open to hackers and made contact with nearly half a million potential victims?” said Graham.

He is charging that the government's handling of the incident does not inspire confidence and that a nervous public is already expressing reservations about the proposed NIDS.

READ: Data Breach Blowback - JAMCOVID exposure a treasure trove for scammers, says expert

The government issued a statement yesterday indicating that a criminal investigation has been launched into an alleged security breach of the JAMCOVID application.   

At the same time, it stated that it stands by the JAMCOVID-19 app, arguing that it has been a critical element of Jamaica’s controlled entry programme and has served the country well in its management of the pandemic.

READ: Prosecution threat for JAMCOVID breach

Graham repeated his call for a transparent and thorough investigation and warned that, “we cannot afford to expose our reputation and brand Jamaica to further risk.”

Follow The Gleaner on Twitter and Instagram @JamaicaGleaner and on Facebook @GleanerJamaica. Send us a message on WhatsApp at 1-876-499-0169 or email us at onlinefeedback@gleanerjm.com or editors@gleanerjm.com.