What We Can Learn From The JamCOVID19 Data Breach

The pandemic has changed the way we live daily and, of course, how we do business. Restrictions have been put in place for individuals, public and private institutions in an effort to secure our health and as such, new behaviours such as social distancing, various hygiene practices, virtual schooling, meetings and other digitized business operations will undoubtedly continue to be a part of our lives as we try to curb the spread of the virus.

With this new way of life, businesses have been stepping up their online presence and activities in an effort to sustain operations. This, unfortunately, but expectedly, has created increased opportunities for incendiaries to ramp up scamming, hacking, data theft and phishing attempts – often preying on unsuspecting companies with perceived vulnerable systems. 

This is why the events of the past few weeks were so unnerving. Recently it was discovered that the immigration records and COVID-19 test results for several thousands of visitors to the island were left exposed because the cloud storage server used to house data uploaded to the widely used JamCOVID19 website and app by users was left inadequately protected. This allowed easy access by people on the internet to users’ personal and other data.

How Could This Issue Have Been Avoided?

tTech believes that lapse in security could have been avoided if security had been made an important part of both the development and operational processes of the website and app. Unfortunately, some Developers do not consider matters of security seriously enough throughout the development cycle and only resort to half-measures like simple username and password requirements for users when development is done. This, as we have seen in the JamCOVID19 case, can lead to serious flaws that result in data exposure for the application’s users.

In the wake of these discoveries, however, we are reminded that Jamaica is neither the first nor the last country and your business is not the first or last entity to have been affected by a data breach. Some of the most prolific international companies in the world like Facebook and Marriott International, for example, have experienced security breaches within the past two years. This means that it is not uncommon for security issues to arise among even those that are perceived to be less vulnerable. 

A data breach can be dire for business operators due to possible fines, unwanted legal attention, as well as the loss of reputation and stakeholder confidence, but it can be just as devastating for the application users. This makes the consideration of Data Protection as well as IT Compliance and Data Privacy protocol even more important in the local landscape. tTech has been at the forefront of IT education and service in Jamaica where this is concerned; providing IT consultancy and solutions for local businesses as the related laws loom closer. Reach out to us via email at sales@ttech.com.jm or call us at 876-656-8448 to find out how your company can avoid the same mistakes.