Jamaica just experienced a massive data breach that exposed the immigration and COVID-19 records of hundreds of thousands of people who visited the island over the past year. Much of the information found on the exposed server was from Americans.
According to TechCrunch, the Jamaican government contractor Amber Group left a storage server on Amazon Web Services (AWS) unprotected and without a password. The server was set to public which enabled anyone to have access to the data. The unprotected data consisted of 70,000 COVID lab results, 425,000 immigration records, 250,000 quarantine orders, and 440,000 images of traveler’s signatures.
Anyone traveling to Jamaica had to download Amber Group’s app to report COVID results before allowed entry. Those who tested positive in Jamaica had to use the app to monitor symptoms and allow the government to track their whereabouts to ensure they were quarantining. All of that data from the app, over 1.1 million records, was exposed.
When handling sensitive and private information like Amber Group was, there is no room for mistakes like leaving a server unprotected. Organizations need to adopt cloud security strategies to protect their data and provide automated real-time remediation to catch risks.
DivvyCloud by Rapid7 protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. With automated, real-time remediation, DivvyCloud by Rapid7 customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology.