The Jamaican government has begun a criminal investigation after a security vulnerability was discovered associated with the JamCovid-19 app which people travelling to the country have to use to gain authorisation to enter.

The system’s weakness has been rectified and the security protocols around the app will be monitored to ensure that they meet the highest standards, the government said, adding it takes data privacy and security extremely seriously.

An independent review has been commissioned into the system’s security.

Under Jamaican law whenever a security vulnerability is identified in a government system, it has a duty to investigate and rectify the weakness. Any unauthorised access to data can lead to prosecution.

“The matter has therefore been referred to the Communication Forensics and Cybercrime Unit of the Jamaica Constabulary Force and the Major Organised Crime and Anti-Corruption Agency for further investigation,” the government said.

The JamCovid-19 database is hosted on an Amazon Web Service (AWS) cloud server account owned by the government, which says it stands by the app.

“[It] has been a critical element of our controlled entry programme and has served us well in our management of the pandemic,” it added. 

The government also said systems related to passport, immigration and the citizenship agency were unaffected by the vulnerability.

Register for free to receive the latest privacy, security and data protection news and analysis straight to your inbox