Gov't urged to strenghten checks as second Jamcovid security lapse reported


Gov't urged to strenghten checks as second Jamcovid security lapse reported

Observer staff reporter

Tuesday, February 23, 2021

Print this page Email A Friend!

On the heels of the discovery of another security vulnerability on the Jamcovid website, data security and web hosting expert Trevor Forrest has urged the Government to strengthen checks and balances when contracting companies for sensitive data technologies.

“Things need to be done as it relates to these kinds of assessments, ensuring that the systems are in compliance with security standards, and global data protection privacy standards, and so on, and to ensure that Government is on the leading edge of what it needs to do to deliver the services it needs to, and to move into a digital society,” Forrest told the Jamaica Observer yesterday.

Just days after the Government assured users of the Jamcovid application that their personal data was safe, following the revelation that travellers' personal information had been left unprotected, technology magazine TechCrunch yesterday reported another discrepancy in the system.

According to TechCrunch, a second security lapse had exposed private keys and passwords linked to the Government app and the website.

A security researcher, who asked not to be named, due to fears of legal action from the Government of Jamaica, told TechCrunch on Sunday that the Amber Group, which created and implemented the system, allegedly left a file unprotected. The file reportedly contained passwords that would have given access to back-end systems, storage and databases running the site and app.

The file was said to have been left unprotected as a result of a mistake.

It was discovered in an open directory on the Jamcovid website.

The exposed file contained secret credentials for Amazon Web Services databases and storage servers for Jamcovid. The file contained a username and password to the SMS gateway used by Jamcovid to send text messages and credentials for its e-mail-sending server,” according the TechCrunch story entitled 'Jamaica's Amber Group fixes second Jamcovid security lapse'.

The Observer attempted to contact the group's Chief Executive Officer Dushyant Savadia for comment on the latest revelations, but calls to his phone went unanswered. Attempts were also made to get comments from the national security ministry on the matter, but the newspaper was unsuccessful.

TechCrunch reported that it had made Savadia aware of the second breach.

The magazine also said that the Ministry of National Security had not responded to its queries as to whether the Government would continue its contract or relationship with the Amber Group, and what security requirements were agreed on by both Amber and the Government for establishing the app and website.

Now you can read the Jamaica Observer ePaper anytime, anywhere. The Jamaica Observer ePaper is available to you at home or at work, and is the same edition as the printed copy available at




1. We welcome reader comments on the top stories of the day. Some comments may be republished on the website or in the newspaper � email addresses will not be published.

2. Please understand that comments are moderated and it is not always possible to publish all that have been submitted. We will, however, try to publish comments that are representative of all received.

3. We ask that comments are civil and free of libellous or hateful material. Also please stick to the topic under discussion.

4. Please do not write in block capitals since this makes your comment hard to read.

5. Please don't use the comments to advertise. However, our advertising department can be more than accommodating if emailed:

6. If readers wish to report offensive comments, suggest a correction or share a story then please email:

7. Lastly, read our Terms and Conditions and Privacy Policy

comments powered by Disqus



Today's Cartoon

Click image to view full size editorial cartoon