Wed | May 5, 2021

Gov't says no malicious data extraction or leakage with JAMCOVID

Published:Tuesday | February 23, 2021 | 3:24 PM
The government says a comprehensive review of all aspects of the JAMCOVID site, application and associated databases is being undertaken and changes implemented with a view to further hardening security and strengthening all security features.

The Ministry of National Security is reporting that the investigation into the breach surrounding the JAMCOVID application has not revealed any evidence that the vulnerabilities identified were exploited for malicious data extraction or leakage.

“We understand and share the concerns of the public on this matter and assure all concerned that we continue to work assiduously with the relevant stakeholders and developers to take appropriate actions,” the Ministry said in a statement this afternoon.

It added that a comprehensive review of all aspects of the JAMCOVID site, application and associated databases is being undertaken and changes implemented with a view to further hardening security and strengthening all security features.

“As in all sensitive matters, we encourage the public to refrain from speculation and thank you for your patience. We await the outcome of the ongoing review process, and commit to keeping the public informed,” the Ministry said.

The statement came after another alleged security flaw associated with the application was reportedly been uncovered just days after its developer, Amber Group, sought to reassure that the application is safe.

On Monday, TechCrunch, a United States-based newspaper, claimed that a researcher found that a file was left on the server which reportedly exposed passwords to access backend systems such as databases and mail servers which are connected to the JAMCOVID-19 application.

READ: Another alleged JAMCOVID security flaw uncovered

It had been reported that hundreds of thousands of records might have been compromised although Government Minister Matthew Samuda claimed that just under 700 persons’ records might have been exposed.

The Government said it contacted those whose data might have been exposed.

The application, which was developed by the Amber Group last summer, allows users to enter personal data, including medical records, before they are given approval to enter Jamaica.

The application is also used to track the movement of those placed in quarantine.

Last week, the Ministry of National Security, smarting from the embarrassing ordeal which had placed the spotlight on the security of the application, said it had opened a criminal probe into the matter although it has shed very little details on its ongoing investigation.

READ: Prosecution threat for JAMCOVID breach

The government assured that it is committed to keeping the public informed.

Follow The Gleaner on Twitter and Instagram @JamaicaGleaner and on Facebook @GleanerJamaica. Send us a message on WhatsApp at 1-876-499-0169 or email us at onlinefeedback@gleanerjm.com or editors@gleanerjm.com.