The Opposition People’s National Party (PNP) is demanding an explanation after yesterday’s revelation of a security lapse that resulted in the individuals’ personal data uploaded to the JAMCOVID19 website spilling out to the public.

In a statement, Hugh Graham, the Opposition spokesman on science, technology and commerce, said Minister of National Security Dr Horace Chang must address Parliament, which opens today, about the reports which first came to light in an article published by technology website TechCrunch yesterday (February 17).

According to TechCrunch, a cloud storage server storing the uploaded documents was left unprotected and without a password, and was “publicly spilling out files onto the open web”.

VULNERABILITY RECTIFIED

TechCrunch acknowledged however that the data was now secure after it contacted the local contractor who developed the website for comment.

The national security ministry subsequently said a security vulnerability associated with the file storage service on the JAMCOVID-19 application was immediately rectified after being discovered.

“It’s easy to say the data is ‘now secure’ — but we need to know what caused this breach in the first place, and the public assured that this will not recur,” Graham said in a statement.

“We’re inviting people to come to Jamaica and upload sensitive data through this application, so we must guarantee our visitors that their private data will be safe.”

The ministry had said yesterday that, after a thorough investigation, there was no immediate evidence that the security vulnerability had been exploited for malicious purposes and that, out of an abundance of caution, it had contacted travellers whose data may have been subject to the vulnerability.

But despite the Government’s assurances, Graham said: “With the kind of information that was left open to potential abuse, we cannot rule out malicious intent without a clear, transparent, thorough investigation. It can’t be that you find out about this kind of a breach and a few hours later you say ‘at present there is no evidence’ to suggest malicious intent.”

He added: “The minister must be ready to address Parliament on this situation this week, or we must have the permanent secretary appear in the appropriate venue to make public the terms, nature and progress of the investigation. Platitudes and assurances don’t have much currency in matters like this. What Jamaicans and the potential victims of identity theft want is a clear demonstration of competence.”