According to TechCrunch, "a cloud storage server storing those uploaded documents was left unprotected and without a password, and was publicly spilling out files onto the open web."
“Many of the victims whose information was found on the exposed server are Americans,” the website said.
TechCrunch says data was secured after they contacted Amber Group’s chief executive Dushyant Savadia.
They explained that "the storage server, hosted on Amazon Web Services, was set to public. It’s not known for how long the data was unprotected, but contained more than 70,000 negative COVID-19 lab results, over 425,000 immigration documents authorizing travel to the island — which included the traveler’s name, date of birth and passport numbers — and over 250,000 quarantine orders dating back to June 2020, when Jamaica reopened its borders to visitors after the pandemic’s first wave. The server also contained more than 440,000 images of travelers’ signatures."
However, a statement from the government said : "A thorough investigation was immediately initiated to determine if there were any breaches in travellers’ data security, if the vulnerability had been exploited, and if there was a breach of any laws. At present, there is no evidence to suggest that the security vulnerability had been exploited for malicious data extraction prior to it being rectified.
"Nevertheless, out of an abundance of caution, we have contacted travellers whose data may have been subject to the vulnerability and have assured them that steps have been taken to ensure the integrity and the confidentiality of the data."
According to TechCrunch, The server exposed more than 1.1 million of those daily updating check-in videos.
The server also contained dozens of daily timestamped spreadsheets named “PICA,” likely for the Jamaican passport, immigration and citizenship agency, but these were restricted by access permissions.
"The Jamaican government contracted Amber Group to build the JamCOVID19 website and app, which the government uses to publish daily coronavirus figures and allows residents to self-report their symptoms. The contractor also built the website to pre-approve travel applications to visit the island during the pandemic, a process that requires travelers to upload a negative COVID-19 test result before they board their flight if they come from high-risk countries, including the United States," TechCrunch said.
- Countries: Jamaica
- JAMAICA | Psychologist warns against prolonged use of electronic gadgets by children
- JAMAICA | 65% Of Population Targeted For COVID-19 Vaccine By March 22, 2022
- JAMAICA | New arrival date for COVID-19 vaccine shipment from India
- JAMAICA | Gov't to Allow operation of Some Quick Service Industries During Curfew Hours
- JAMAICA |. No Politics and Favoritism Around COVID-19 Vaccination - PM Holness