Wiredja Online News Logo

WiredJa Online News

Wiredja Online News Logo

WiredJa Online News

JAMAICA | Immigration website exposed thousands of travelers’ data

  • Written by wiredja.com news team
  • Published in local news
Featured JAMAICA | Immigration website exposed thousands of travelers’ data
KINGSTON, Jamaica, February 18, 2021 -  The government of Jamaica says a security vulnerability associated with the file storage service on the JAMCOVID-19 application that was discovered on February 16,  has been repaired. This is after TechCrunch, a technology website reported that a security lapse on the JamCOVID19 website, has exposed immigration records and COVID-19 test results for hundreds of thousands of travelers who visited the island over the past year.

According to TechCrunch, "a cloud storage server storing those uploaded documents was left unprotected and without a password, and was publicly spilling out files onto the open web."

“Many of the victims whose information was found on the exposed server are Americans,” the website said.

TechCrunch says data was secured after they contacted Amber Group’s chief executive Dushyant Savadia.

They explained that "the storage server, hosted on Amazon Web Services, was set to public. It’s not known for how long the data was unprotected, but contained more than 70,000 negative COVID-19 lab results, over 425,000 immigration documents authorizing travel to the island — which included the traveler’s name, date of birth and passport numbers — and over 250,000 quarantine orders dating back to June 2020, when Jamaica reopened its borders to visitors after the pandemic’s first wave. The server also contained more than 440,000 images of travelers’ signatures."

However, a statement from the government said : "A thorough investigation was immediately initiated to determine if there were any breaches in travellers’ data security, if the vulnerability had been exploited, and if there was a breach of any laws. At present, there is no evidence to suggest that the security vulnerability had been exploited for malicious data extraction prior to it being rectified.

"Nevertheless, out of an abundance of caution, we have contacted travellers whose data may have been subject to the vulnerability and have assured them that steps have been taken to ensure the integrity and the confidentiality of the data."

According to TechCrunch, The server exposed more than 1.1 million of those daily updating check-in videos.

The server also contained dozens of daily timestamped spreadsheets named “PICA,” likely for the Jamaican passport, immigration and citizenship agency, but these were restricted by access permissions.

"The Jamaican government contracted Amber Group to build the JamCOVID19 website and app, which the government uses to publish daily coronavirus figures and allows residents to self-report their symptoms. The contractor also built the website to pre-approve travel applications to visit the island during the pandemic, a process that requires travelers to upload a negative COVID-19 test result before they board their flight if they come from high-risk countries, including the United States," TechCrunch said.

 

Last modified onThursday, 18 February 2021 06:58
  • Countries: Jamaica