Cyber Incident Victim: JamaicaEye

On or around June 1, 2023, the Ministry of National Security confirmed that a cyber-incident had occurred, which preliminarily affected access to the JamaicaEye website. The ministry issued a public statement confirming the event, noting that its team of experts, along with the Jamaica Constabulary Force and the Major Organised Crime & Anti-Corruption Agency (MOCA), were actively evaluating the extent of the breach. This multi-agency response was initiated to assess the scope and impact of the incident. The immediate effect was the disruption of access to the public-facing website associated with the JamaicaEye program.

A critical point clarified by the Ministry of National Security was that the compromised website was not connected in any way to the central infrastructure of the JamaicaEye surveillance system itself. This architectural separation was a key factor in limiting the overall impact of the attack. Because the website was isolated from the core operational technology, the ministry confirmed there had been no compromise to any video footage or evidence recorded by the physical JamaicaEye cameras. The integrity and availability of the surveillance data remained intact and were not affected by this incident.

While the central surveillance system was confirmed to be secure, the ministry was unable to immediately confirm whether data related to individuals who had registered their interest in partnering with the JamaicaEye program had been exfiltrated. This potential data compromise represented a significant area of concern and a focus for the ongoing investigation. The registration data likely contained personally identifiable information of prospective partners and stakeholders, making its potential loss a serious matter. The evaluation by the expert teams was necessary to determine if this data was accessed or stolen during the cyber-incident.

The incident primarily manifested as an availability issue, denying access to the website's functionality. The attack did not result in a disruption of live surveillance operations or the recording of evidence, as those functions are managed by a separate, secured system. The response actions were focused on forensic analysis to understand the method of attack, the point of entry, and the specific data sets that may have been targeted. The collaboration between the Ministry's experts, the Jamaica Constabulary Force, and MOCA underscored the serious and coordinated nature of the official response to a breach affecting a national security-related program.

The public confirmation of the incident was communicated on the same day it was discovered, indicating a prompt disclosure. The ministry’s release provided factual information about what was known and, just as importantly, what was not yet known regarding data exfiltration. This transparency was aimed at managing public concern while the investigation proceeded. The work to evaluate the breach continued as the agencies involved worked to ascertain the full details of the attack vector and any potential data loss. The primary consequence was the temporary loss of website access and the potential compromise of partner registration information, while the core national security function of the JamaicaEye system remained fully operational and unaffected.