The Jamaica Government published an article on February 19, 2021, about the criminal probe for the JAMCOVID-19 app data security breach. Here’s a summary:
- The Government said it has initiated a criminal investigation into the data breach of its JAMCOVID-19 application. The gravity of the breach was highlighted by cybersecurity and web hosting expert, Trevor Forrest who argued that the Government could find itself in a “legal pickle” especially under European law.
- “The General Data Protection Regulation (GDPR) is the law for the European Union as it relates to how data of European citizens are treated. It protects European citizens’ data wherever it resides. Based on the GDPR, a European citizen can say that they have been advised that their data has been compromised but can take legal action to hold someone liable.
- The government of Jamaica can be sued as it is the data controller of European citizens’ data. If held accountable as an organization, the fine amounts to around four percent of total revenue.
- The Government stated the security vulnerability has been rectified and a thorough investigation was immediately initiated to determine if there were any breaches in travellers’ data security if the vulnerability had been exploited and if there was a breach In any laws.
- It was said that while there was no evidence to suggest that the security vulnerability had been exploited for malicious data extraction before it being rectified, the Government had contacted travellers whose data may have been subject to the vulnerability and have assured them that steps have been taken to ensure the integrity and the confidentiality of the data.
- The Government said that the systems of the Passport, Immigration and Citizenship Agency were not in any way affected, compromised or exposed by the vulnerability.
- Under Jamaican law, there is a duty to ensure that any unauthorised access to data is to be investigated and prosecuted under section 3 of the Cybercrimes Act.
- The matter has been referred to the Communication Forensics and Cybercrime Unit of the Jamaica Constabulary Force and the Major Organised Crime and Anti-Corruption Agency for further investigation. The system was donated free to the Government by Amber Group
Source: jamaicaobserver.com
Contributed by Racquel Bailey from Jamaica. Racquel is a member of our Women in InfoSec Caribbean (WISC) initiative on Discord. WISC is a non-profit initiative supporting Caribbean women and girls to develop a career in Information Security.
Learn more about WISC at wiscaribbean.org.