The Jamaica Gleaner posted an article on March 1, 2021, about the JAMCovid data breach. Below are some key highlights:
- It’s a welcomed development that a “comprehensive review ” of the security of all government websites is underway to ensure compliance with “international standards and best practices”.
- Even before a technical report of the consequences, or lack thereof, of the exposures, a simple explanation of how this could happen again after the first revelation is necessary.
- Doing so a second and a third time is reckless – and worse. The fact that there are “inherent risks” in the digital environment from people with malign intent, as the Government has pointed out, should not be conflated with what appears to have happened on the JamCOVID site.
- Neither should anger be spewed at journalists reporting information that the public has a legitimate right to know. Or for that matter, anyone with the skills to note and highlight the vulnerabilities of the site.
- The re-establishment of trust in the JamCOVID site, and anywhere else the State stores people’s private data, will demand that the Government follows its own legislation, regulations and guidelines for the management of this information, including its deletion, when required by law.
- Too, of weakening trust in government and raising questions about the real intention of an intrusive State.
- These issues have come in sharp focus over the last fortnight by revelations made by TechCruch, an online publication that reports on technology/business issues, about the security failures of the JamCOVID portal, through which Jamaica manages the movement of travellers to the island in the face of COVID-19 restrictions that was left unprotected.
- On Thursday, the same day Prime Minister Andrew Holness chaired a meeting of the National Security Council focusing on cybersecurity, TechCrunch made a further disclosure of another weakness in the JamCOVID site security that exposed information related to more than half-million quarantine orders.
Reference(s):