FeaturedOpinion

What does the TSTT breach mean for customers?

By
2 Mins read
8038
Share

Above: Rishi Maharaj.

Data protection consultant Rishi Maharaj on the TSTT Breach

From a Data Protection standpoint (which we don’t have but other countries in the region have adopted) there are several areas of concern.

Timing of the Disclosure: TSTT mentions that they became aware of the cyber-attack on October 9th, 2023. The gap between the attack and public disclosure appears to be significant, which could be concerning under Data Protection principles, especially as people’s personal data was comprised. From a data Protection perspective, reports should be made to a regulator within a specific time frame, namely 3 to 5 days and individuals must be informed, but alas we have no laws that place these requirements on companies here.

Nature of the Data: The breach reportedly includes customer lines, ID scans, and database dumps. ID scans can be considered as sensitive data, and its exfiltration poses significant risks for identity theft and fraud.

Assertion of ‘No Loss or Compromise’: TSTT states that there was “no loss or compromise of customer data”. However, considering the purported evidence available on the dark web, this claim may appear to contradict the presented data by RansomEXX. Under Data Protection best practice, transparency and accuracy in communication are critical.

Data Volumes and Relevance: TSTT points out that its platforms generate terabytes of data, possibly attempting to downplay the significance of the purported 6GB of exfiltrated data. While this might be accurate in the context of total data volume, GDPR focuses on the quality and sensitivity of data, not quantity. The sheer number of affected customers and the types of data involved make this breach significant.

In light of the recent cyber-attack on TSTT, their statement raises several concerns from a Data Protection perspective. The delayed disclosure, and the apparent contradiction between their claims and evidence presented by the hackers are alarming.

While TSTT’s proactive response in securing their systems is commendable, the nature of the data involved—especially the ID scans—poses a significant risk.

TSTT’s emphasis on the vast amounts of data they handle might be an attempt to downplay the breach’s gravity. However, from a Data Protection standpoint, it’s not the volume but the sensitivity and relevance of the data that counts. The situation underscores the need for transparent, accurate, and prompt communication in the face of security breaches.

Again, it places the need for revised legislation not only from a Data Protection perspective but also a cyber crime perspective to provide for an independent regulator and also to empower TT CSIRT with the ability to independently act and ensure accuracy and timely release of information and investigations and also to hold companies honest and accountable.

About Rishi Maharaj

Rishi Maharaj is a graduate of the University of the West Indies with a BSc. and MSc. in Government. He is a Certified Information Privacy Manager and provides consultancies through Privicy Advisory Services which assists organizations through data expansion and digital transformation, emphasizing the reduction of compliance burdens.

With over 15 years in the public and privacy sectors, he offers deep insights into government workings and the challenges of digital transformation. Notably, Rishi spearheaded the finalization and partial proclamation of Trinidad and Tobago’s Data Protection Act in 2011 and contributed to international model data protection legislation.

In the private sector, he helps businesses to align with GDPR and regional data protection standards, using compliance as a unique differentiator to boost organizational value and foster trust and engagement. He is a member of both the Canadian Institute of Access and Privacy Professionals and the International Association of Privacy Professionals.

Related Posts…

mMoney and Sign Global partner for Barbados asset distribution system

mMoney and Sign Global partner for Barbados asset distribution system

By Press Release / December 1, 2025
A cornerstone of the partnership is the development of Bajan Chain, a sovereign Layer 2 blockchain,
Read More
Unfinished symphonies

Unfinished symphonies

By Mark Lyndersay / December 1, 2025
The market viability of creative projects often can't be realistically assessed until the work is done.
Read More
Digicel will spend $20 million on its network, retires 2G on December 31

Digicel will spend $20 million on its network, retires 2G on December 31

By Press Release / November 28, 2025
DigicelTT is improving the backbone of its network to optimize its performance. This includes moving important fibre lines underground.
Read More
InfoLink prepares for its next three decades

InfoLink prepares for its next three decades

By Mark Lyndersay / November 28, 2025
Above: InfoLink General Manager Glynis Alexander-Tam speaking at the company's 30th Anniversary celebrations. Photo by Mark Lyndersay. Originally published in Newsday's BusinessDay on November 20, 2025 On November 14, InfoLink...
Read More
Do you know who your child is talking to?

Do you know who your child is talking to?

By Mark Lyndersay / November 24, 2025
That gorgeous, soft-spoken Swedish girl who admires your boy-child might a retired Nigerian prince looking for a new revenue stream.
Read More
Costa Rica tops Samsung’s Solve for Tomorrow, TT in top five

Costa Rica tops Samsung’s Solve for Tomorrow, TT in top five

By Press Release / November 20, 2025
TT's team from Marabella North Secondary School presented its solar-powered flood early-warning system, “Doh Get Wet.”
Read More
Garvin Medera returns to Digicel

Garvin Medera returns to Digicel

By OpEd / November 17, 2025
"This is where I first learned the true weight of connecting people, not just through technology, but through service."
Read More
Windows on a Mac, 2025

Windows on a Mac, 2025

By Mark Lyndersay / November 17, 2025
Software virtualisation solutions were a great solution for users who just needed to run one or two apps on Windows that weren't processor intensive.
Read More
Cryptocurrency investment landscape shifts to sustainable income models

Cryptocurrency investment landscape shifts to sustainable income models

By OpEd / November 16, 2025
Stablecoins function as volatility buffers within crypto portfolios, with market capitalization expanding during equity market turbulence as investors seek dollar-pegged assets backed by short-term U.S. Treasury securities
Read More
Next-level productivity for global teams

Next-level productivity for global teams

By OpEd / November 15, 2025
These strategies will help align people, tools, and processes.
Read More
mMoney and Sign Global partner for Barbados asset distribution system mMoney and Sign Global partner for... December 1, 2025
Unfinished symphonies Unfinished symphonies December 1, 2025
Digicel will spend $20 million on its network, retires 2G on December 31 Digicel will spend $20 million on... November 28, 2025
InfoLink prepares for its next three decades InfoLink prepares for its next three... November 28, 2025
Do you know who your child is talking to? Do you know who your child... November 24, 2025
Costa Rica tops Samsung’s Solve for Tomorrow, TT in top five Costa Rica tops Samsung’s Solve for... November 20, 2025
Garvin Medera returns to Digicel Garvin Medera returns to Digicel November 17, 2025
Windows on a Mac, 2025 Windows on a Mac, 2025 November 17, 2025
Cryptocurrency investment landscape shifts to sustainable income models Cryptocurrency investment landscape shifts to sustainable... November 16, 2025
Next-level productivity for global teams Next-level productivity for global teams November 15, 2025

🤞 Get connected!

A once weekly email notification of new stories on TechNewsTT. Just that. No spam.

Possible UI Glitch. Click top right corner to dismiss 👉

Get Connected!

A once weekly email notification of new stories on TechNewsTT.

Just that. No spam.

8038
Share
Related posts
Press Releases

UTC, TSTT and National Payment Company sign agreement for national e-KYC platform

By
2 Mins read
It’s scalable, secure, and meets international standards — a strong statement of what our local teams can accomplish
BitDepthFeatured

Caribbean cryptocurrency concerns

By
3 Mins read
In a pause with a defined timeline, operators may move outside the jurisdiction or take government to court and hope it drags on.
Press Releases

TSTT offers online, immersive digital internship for 600 youth

By
3 Mins read
“Corporate social responsibility must be aligned in a way that redounds to the benefit of Trinbagonians.”
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback
Roundup: for the week ending 5 November 2023 | ICT Pulse – The leading technology blog in the Caribbean
2 years ago

[…] Trinidad and Tobago – From a Data Protection standpoint (which we don’t have but other countries in the region have adopted) there are several areas of concern… more […]

0
Reply
trackback
Trinidad & Tobago’s state telecommunications provider is hacked, raising questions about data protection laws · Global Voices Advox
2 years ago

[…] writing at Tech News T&T was data protection consultant Rishi Maharaj, who expressed concerns about the timing of the data […]

0
Reply
wpdiscuz   wpDiscuz
×
FeaturedNews Briefs

Updated: TSTT reported hacked by RansomEXX exploit

By
2
0
Share your perspective in the comments!x
()
x