KPMG Jamaica Notifies Staff and Regulators After Employment Data Exposed

KPMG Jamaica Extended Support Services alerted staff and regulators after discovering that an internal employment dataset had been uploaded to an external Azure cloud workspace. The unit, often shortened to KJESS, disclosed the notification and the location of the exposed files to affected employees and to regulatory authorities.

The notification was issued on February 16, 2026, following the discovery that employment records maintained inside KPMG Jamaica had been placed on an external Azure environment. KJESS identified the data as an internal employment dataset and took the step of informing employees and regulators on that date.

KJESS is the KPMG Jamaica arm referenced in the notification; the organization told employees that the files had been uploaded to an external cloud workspace tied to Microsoft's Azure platform. The materials described internally were employment-related records belonging to KPMG Jamaica staff, and the firm routed formal notifications through its internal channels and regulatory notification procedures on February 16, 2026.

The disclosure did not include a public tally of how many employees were affected or the precise contents or size of the dataset that was uploaded to the external Azure workspace. KJESS staff received direct notification about the exposure, and regulators were notified under the same timeline; the company has characterized the issue as tied to an upload of internal employment data to an external cloud workspace.

At this writing, KJESS has confirmed the facts of the upload, the classification of the files as an internal employment dataset, and the notifications to employees and regulators that occurred on February 16, 2026. The scope of remediation, the technical cause of the upload to the external Azure workspace, and any follow-up actions by regulators have not been published alongside the notification to staff.

For KPMG Jamaica employees, the immediate detail established by KJESS is the type of data involved and the destination platform - an external Azure cloud workspace - and that the firm proceeded to notify both staff and regulatory bodies on February 16, 2026. Future updates are expected to clarify the number of records affected and the regulatory response.