The Jamaican Government today sought to prevent any potential fallout from the revelation of a security lapse that exposed immigration records and COVID-19 test results for hundreds of thousands of travelers who visited the island over the past year.

Technology news website TechCrunch had earlier in the day published an article claiming the country’s jamcovid19 website, at which individuals wishing to visit the island are required to submit personal information in order to receive authorisation to travel, had left that data exposed.

In the article, TechCrunch said a cloud storage server storing the uploaded documents was left unprotected and without a password, and was “publicly spilling out files onto the open web”.

TechCrunch acknowledged however that the data was now secure after it contacted the local contractor who developed the website for comment.

While TechCrunch was unable to get a response from either the contractor or a representative of the Ministry of Health and Wellness who was contacted, the national security ministry said today that a security vulnerability associated with the file storage service on the JAMCOVID-19 application was discovered yesterday and was immediately rectified.

The ministry said that, after a thorough investigation, there was no immediate evidence that the security vulnerability had been exploited for malicious purposes and that, out of an abundance of caution, it had contacted travellers whose data may have been subject to the vulnerability.

The ministry said it assured those contacted that steps had been taken to ensure the integrity and the confidentiality of the data.

In its report, TechCrunch said the storage server, hosted on Amazon Web Services, had been set to public, but it was not clear for how long the data had been unprotected.

At the time the issue was discovered, the server reportedly contained more than 70,000 negative COVID-19 lab results, over 425,000 immigration documents authorising travel to the island (including travelers’ names, dates of birth and passport numbers) and more than 250,000 quarantine orders dating back to June 2020. The server also contained more than 440,000 images of travelers’ signatures.