The Jamaica Gleaner posted an article on February 21, 2021, about the Amber Group speaking about the JAMCOVID breach. Below are some key highlights:
- The Amber Group has broken its silence on the exposure of personal data on thousands of travellers on the government’s COVID-19 website (JAMCOVID) it developed.
- The website developer is saying nothing about how such a lapse could have occurred and why allegedly months-old data were in storage and not destroyed, as promised by authorities
“We are confident this was a completely isolated occurrence,” the group said in a statement to The Gleaner
- Questions on its monitoring mechanism; provision of services to other government entities; data security system; costs; speed in building JAMCOVID; data storage policies; history in digital technology, among others, were not answered, as Amber said it could not provide responses in time for publication.
- That investigative angle has sent confusing signals, suggesting the government may be pursuing a bad actor, especially given that the US specialist online newspaper TechCrunch, which broke the story on February 17, said it found the cloud storage “unprotected and without password.”
- “We very much hope that the government will address any weakness in the system appropriately and in a timely manner,” said Ambassador Marianne Van Steen, local head of the EU, whose General Data Protection Regulation (GDPR) includes fines of $3.6 billion (20 million euros) or four per cent of annual income breaches affecting EU citizens