Tax officials reveal system breach by online hacker
Livern Barrett, Gleaner Writer
Jamaican tax officials have confirmed that one of their computer systems was hacked, but have given the assurance that sensitive information concerning taxpayers was not compromised.
The admission by the Tax Administration of Jamaica (TAJ) came yesterday, days after The Gleaner discovered a hacker boasting on a social media network that he had accessed the TAJ's database and had leaked the information to other networks.
"(User name withheld) has just leaked a database from an attack on the Tax Administration of Jamaica (http://www.jrs.gov.jm)," the person believed to be the hacker wrote in an online post.
"The leaked data was announced via twitter and uploaded to (name of website withheld) and it also contains vulnerabilities within the server," the post continued.
Communications officer at the TAJ, Leighton Beckles, told The Gleaner that the "breach" was discovered "several days ago" by the TAJ's service provider.
However, Beckles said the service provider was still conducting a series of checks to get a clearer picture of the extent of the breach.
But he said the TAJ has been assured that the "breach" was confined to a "retired corporate (web)site" that contained only general public information.
"Our service providers are now working it through to see what kind of other breaches may have occurred just to be sure," Beckles explained.
"And because we are working alongside them, they will naturally advise us if they have found anything other than what they had told us earlier," he added.
Beckles said the url identified by the hacker, www.jrs.gov.jm, is the web portal for the old Jamaica Revenue Service, which has since been replaced by the TAJ.
"The information on it would not only be general information, but outdated information because our new corporate website has a new url," Beckles said.
"So nothing would have been compromised in terms of taxpayer information. It had nothing to do with the new Jamaica tax portal," he insisted.
Taking no chance
Despite this, however, tax officials are taking no chances and have put a number of measures in place to prevent a recurrence.
One of those measures, according to Beckles, is a simultaneous probe by the TAJ's service providers to identify the "breach points".
"(This is to find out) Exactly where the breach took place and to ensure that we cover that up and to make sure that there are no other breach points," he explained.
The TAJ communications officer said the agency has also changed the passwords for all its administrative accounts.
In addition, he said all firewall settings were being updated and file system integrity tests were being done on an hourly basis "just to ensure that we are not finding anything that is considered suspicious activity".
"We are doing the checks, we are running it through and, naturally, if there is anything that we believe the media and the general public need to know, we will update them to let them know what is happening," Beckles said.
He could not say if the police have been called in to investigate the incident.