The Office of the Registrar-General (ORG), Jamaica’s government agency responsible for maintaining official records of births, marriages, stillbirths, and deaths, suffered a cyber-attack that crippled its website and potentially compromised highly sensitive personal data. The attack was detected on August 24, with initial assessments suggesting it was primarily aimed at disrupting system availability. While the agency activated its Incident Response Plan including containment, forensic investigation, and regulatory notifications services remained temporarily unavailable, causing inconvenience to citizens and businesses reliant on its records. The breach triggered involvement from law enforcement (Major Organised Crime and Anti-Corruption Agency) and an external security team to assess the scope of the compromise. Though the ORG claimed its security measures limited the impact, the attack’s potential exposure of national identity records (birth/marriage/death certificates) poses severe risks, including identity theft, fraud, and operational disruptions for government-dependent processes. Investigations are ongoing, but the incident underscores vulnerabilities in critical public infrastructure and the escalating threat of state-targeted cyber disruptions.
TPRM report: https://www.rankiteo.com/company/registrar-general's-department
"id": "reg535082825",
"linkid": "registrar-general's-department",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': 'Individuals and businesses '
'relying on birth, marriage, '
'stillbirth, and death records',
'industry': 'Public Administration / Civil '
'Registration',
'location': 'Jamaica',
'name': 'Office of the Registrar-General (Jamaica)',
'type': 'Government Agency'}],
'customer_advisories': 'Public apology for inconvenience; no specific '
'advisories on data protection actions yet',
'data_breach': {'data_exfiltration': 'Unconfirmed (under investigation)',
'personally_identifiable_information': 'Potential (names, '
'dates, and other '
'details from civil '
'records)',
'sensitivity_of_data': 'High (official civil registration '
'records)',
'type_of_data_compromised': ['Potential: Birth records',
'Marriage records',
'Stillbirth records',
'Death records']},
'date_detected': '2024-08-24',
'date_publicly_disclosed': '2024-08-28',
'description': 'The website of the Office of the Registrar-General (formerly '
'the Registrar General Department) in Jamaica was crippled by '
'a cyber-attack, potentially compromising highly-sensitive '
'data including official records of births, marriages, '
'stillbirths, and deaths. The website remains inaccessible as '
'of Wednesday afternoon. Investigations are ongoing, with '
'external security teams and law enforcement (including MOCA) '
'involved. Initial assessments suggest the attack was '
'primarily designed to disrupt system availability. The agency '
'activated its Incident Response Plan, including containment, '
'forensic investigation, regulatory notifications, and '
'recovery efforts. Services remain temporarily impacted, and '
'the full scope of the breach is still under investigation.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'service disruption and data breach '
'concerns',
'data_compromised': ['Potential compromise of highly-sensitive '
'records (births, marriages, stillbirths, '
'deaths)'],
'downtime': 'Ongoing as of 2024-08-28 (since 2024-08-24)',
'identity_theft_risk': 'High (if sensitive records were '
'compromised)',
'operational_impact': 'Services temporarily unavailable or '
'disrupted for individuals and businesses',
'systems_affected': ['Website',
'Potential internal systems (under '
'investigation)']},
'initial_access_broker': {'high_value_targets': ['Civil registration '
'databases']},
'investigation_status': 'Ongoing (as of 2024-08-28)',
'motivation': ['Disruption of Services', 'Potential Data Theft'],
'post_incident_analysis': {'corrective_actions': ['Strengthening defenses',
'Investing in cybersecurity '
'improvements']},
'recommendations': ['Commitment to invest in and strengthen cybersecurity '
'defenses',
'Learning from the incident to improve future resilience'],
'references': [{'date_accessed': '2024-08-28',
'source': 'The Gleaner',
'url': 'https://jamaica-gleaner.com'},
{'date_accessed': '2024-08-28',
'source': 'Office of the Registrar-General Media Release'}],
'regulatory_compliance': {'regulatory_notifications': ['Relevant regulatory '
'authorities notified '
'(specific agencies '
'not named)']},
'response': {'communication_strategy': ['Media release issued',
'Public acknowledgment of disruption '
'and regret for inconvenience'],
'containment_measures': 'Threat containment initiated as part of '
'Incident Response Plan',
'incident_response_plan_activated': 'Yes (immediately upon '
'detection)',
'law_enforcement_notified': 'Yes (Major Organised Crime and '
'Anti-Corruption Agency - MOCA)',
'recovery_measures': 'Ongoing (as of 2024-08-28)',
'remediation_measures': ['Digital forensic investigation',
'Systems and operational recovery'],
'third_party_assistance': 'Yes (external security team engaged)'},
'stakeholder_advisories': 'Public media release acknowledging disruption and '
'ongoing investigations',
'title': 'Cyber-Attack on Office of the Registrar-General, Jamaica',
'type': ['Cyber-Attack', 'Potential Data Breach', 'Service Disruption']}