Data collected from thousands of travellers to Jamaica, who were required to use the JAMCOVID app prior to arrival on the island, were left exposed online, according to a report from a US Tech website.
According to Tech Crunch, Amber Group, the firm contracted to build the app and website, held the data in a cloud storage server that was not password protected.
“The storage server, hosted on Amazon Web Services, was set to public. It’s not known for how long the data was unprotected, but contained more than 70,000 negative COVID-19 lab results, over 425,000 immigration documents authorizing travel to the island,” read the report from Tech Crunch.
“The server also contained dozens of daily timestamped spreadsheets named “PICA,” likely for the Jamaican passport, immigration and citizenship agency, but these were restricted by access permissions. But the permissions on the storage server were set so that anyone had full control of the files inside, such as allowing them to be downloaded or deleted altogether,” added Tech Crunch.
CEO for Amber Group, Dushyant Savadia, is reported in the Jamaica Gleaner to have developed JamCOVID19 “within three days”.
Travellers to Jamaica are required to use the JAMCOVID-19 app to upload data, include PCR tests, passport number and flight details, to be considered for landing in Jamaica.