Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Jamaica’s Immigration Website Exposed Thousands of Travelers’ Data

Jamaican government contracted Amber Group to develop a website and app used to publish COVID-19 data and let residents self-report symptoms. The JamCovid19 website and app also acted as a platform for travelers to upload negative test results prior to flying to Jamaica. The Jamaican government implemented this practice as part of their plan to combat the pandemic. Negative test results needed to be uploaded if travelers were coming from high-risk countries including the United States. The cloud storage server containing the JamCovid19 data was configured to allow public access to all files without a password. Researchers discovered the data had been exposed and contacted Amber Group. It is unknown how long the data was left unprotected and the researchers stated that many of the victims of the data breach were Americans. A member of Amber Group said the company created JamCOVID19 in three days and made it available to the government in large part for free.

Analyst Notes

The JamCOVID19 data breach included large amounts of information of Jamaican citizens. In terms of U.S. travelers, it seems the major data stolen cam in the form of negative COVID19 lab test. Threat actors can leverage stolen medical information to impersonate legitimate patients to commit various forms of fraud, including submitting fraudulent claims to health insurers without authorization. This could not only affect healthcare coverage, but also compromise safety if there’s misinformation on file that is needed for medical treatment. Anyone who may have been a victim of a medical data breach should get confirmation from their provider to find out exactly what information was stolen. Change and strengthen any online logins and implement multi-factor authentication. Asking the insurance provider for copies of claims and carefully reviewing explanation of benefits notices can reveal if a patient’s identity has been used fraudulently. This might show if inaccurate health and medical information is present in the patient’s records. Lastly, financial and credit accounts should be monitored closely, because sometimes medical insurance information is used to commit other forms of financial fraud. Placing a credit freeze on file with the credit bureaus and notifying banks or other financial institutions is helpful to prevent fraud when identity theft is suspected.