Cybersecurity consultant Gavin Dennis
The Government of Jamaica is yet to update the country on the findings of its internal review of the JAMCOVID-19 website, following the potential exposure of hundreds of thousands of travellers' data.
Findings from an independent review were expected to be turned over to the government on Friday.
The US based technology publication which last week revealed a weakness on the website and app has hit back at comments made by Minister without portfolio in the National Security Ministry, Matthew Samuda that only about 700 travellers were affected.
Cybersecurity consultant Gavin Dennis said the country needs to hear concrete information from the government on the findings of the review, especially with the writer of the TechCrunch article, Zach Whittaker countering aspects of the Government's response so far.
Mr. Dennis was speaking on TVJ's Smile Jamaica programme on Monday.
“The government says it’s not that many records while the reporter is saying it’s another quantity. So it’s still up for dispute in terms of the true figures of how much data was disclosed. I’m hoping that the battle will end because I wouldn’t want TechCrunch to prove that it is really a higher amount of data,” he said.
Mr. Dennis says the privacy breach seemed to be a genuine error on the JAMCOVID-19 website.
He says it does not amount to a security breach as there is no evidence of an attack or malicious use of the data.
Mr. Dennis gave his views on how the error which resulted in the privacy breach occurred.
“What happens is that because [of] the type of server, it’s not like a normal website. So a lot of times administrators believe that people don’t know about it because it’s not the type of link you’d post online…and then that leads to the issue,” he explained
The matter was referred to the Communication Forensics and Cybercrime Unit of the Jamaica Constabulary Force and the Major Organised Crime and Anti-Corruption Agency.