Government initiates criminal investigation into data breach
KINGSTON, Jamaica — The identified vulnerability on the JAMCOVID-19 application has been rectified and security protocols around it will continue to be monitored to ensure that they meet the highest standards, the Ministry of National Security has revealed.
In an update on the ongoing investigation into the data breach, the ministry noted that an independent review has been commissioned of the security of the system.
The results of this independent review are expected within the next 24 hours.
The ministry said the systems of the Passport, Immigration and Citizenship Agency were not in any way affected, compromised or exposed by the vulnerability.
It noted that the database is hosted on a cloud server account owned by the Government of Jamaica.
“When a security vulnerability is identified in respect of a Government system, the Government has a duty to investigate and rectify it. Under Jamaican law, we also have a duty to ensure that any unauthorised access to data is investigated and prosecuted. Under section 3 of the Cybercrimes Act, ‘any person who knowingly obtains, for himself or another person, unauthorised access to any programme or data held in a computer, commits an offence’,” the ministry said.
It said the matter has therefore been referred to the Communication Forensics and Cybercrime Unit of the Jamaica Constabulary Force, and the Major Organised Crime and Anti-Corruption Agency for further investigation.
Meanwhile, the government said it stands by the JAMCOVID application as it has been a critical element of the country’s controlled entry programme and has served well in the management of the pandemic.
The government further assured all travellers and the public in general that it takes data privacy and security “extremely seriously”.