DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Jamaica’s Amber Group fixes second JamCOVID security lapse

Posted on February 24, 2021 by Dissent

Zack Whittaker reports:

Amber Group has fixed a second security lapse that exposed private keys and passwords for the government’s JamCOVID app and website.

A security researcher told TechCrunch on Sunday that the Amber Group left a file on the JamCOVID website by mistake, which contained passwords that would have granted access to the backend systems, storage and databases running the JamCOVID site and app. The researcher asked not to be named for fear of legal repercussions from the Jamaican government.

The researcher has reason to be concerned. Rather than fully own the first leak, a Jamaican Minister of National Security suggested that Whittaker may have violated the country’s laws, depending on how or how much he looked at exposed data. He announced that they had opened a criminal investigation.

Such threats — often to divert attention from the entity’s embarrassing failures, is referred to as “shooting the messenger” and can have a chilling effect on responsible disclosure. The fact that the researcher who found a second problem did not contact the government directly and felt the need for protection highlights the risk.  What if the researcher wouldn’t even take a chance by letting a reporter know about the second problem?

As Whittaker reports:

Details of the exposure comes just days after Escala 24×7, a cybersecurity firm based in the Caribbean, claimed that it had found no vulnerabilities in the JamCOVID service following the initial security lapse.

Escala’s chief executive Alejandro Planas declined to say if his company was aware of the second security lapse prior to its comments last week, saying only that his company was under a non-disclosure agreement and “is not able to provide any additional information.”

Read more n TechCrunch.

Related posts:

  • Jamaica’s JamCOVID pulled offline after third security lapse exposed travelers’ data
  • Amber Group breaks silence on unsecured storage bucket; NatSec minister suggests TechCrunch reporter may have violated CyberCrime Act
  • How Jamaica failed to handle its JamCOVID scandal
Category: Commentaries and AnalysesGovernment SectorHealth DataNon-U.S.

Post navigation

← PA: Personal info might have been hacked after January Clearfield County cyber attack
India second only to Japan in Asia Pacic in cyberattacks faced in 2020 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.