Immigration data of thousands exposed on JamCOVID-19 website

US online newspaper TechCrunch has given details of  the hundreds of  thousands of  pieces of  personal information which were available for public access because of  a security lapse on the JamCovid-19 website.

The website and app built by the Amber Group stored immigration records and COVID-19 test results for hundreds of  thousands of  travelers who visited Jamaica over the past year.

However, TechCrunch says a cloud storage server storing those uploaded documents was left unprotected and without a password, and was publicly spilling out files onto the open web. 

According to TechCrunch, the storage server, hosted on Amazon Web Services, was set to public.

It's not known for how long the data was unprotected, but contained more than 70,000 negative COVID-19 lab results and over 425,000 immigration documents authorizing travel to the island, which included the traveler's names, date of birth and passport numbers.

The data also included over 250,000 quarantine orders dating back to June 2020, when Jamaica reopened its borders to visitors after the pandemic's first wave.

In addition, the server contained more than 440,000 images of travelers' signatures.

Travelers who are staying outside Jamaica's resilient corridor were told to install the app built by Amber Group that tracks their location.

The app also required that travelers record short check-in videos with a daily code sent by the government, along with their name and any symptoms.

The server exposed more than 1.1 million of those daily check-in videos.

TechCrunch said the data was secured after it contacted Amber Group's chief executive.

Meanwhile, Professor of  Computer Science specialising in computer security, Sean Thorpe, says he's flabbergasted at the data breach relating to the JamCovid website.