
What does the TSTT breach mean for customers?


Above: Rishi Maharaj.

Data protection consultant Rishi Maharaj on the TSTT Breach

From a Data Protection standpoint (which we don’t have but other countries in the region have adopted) there are several areas of concern.

Timing of the Disclosure: TSTT mentions that they became aware of the cyber-attack on October 9th, 2023. The gap between the attack and public disclosure appears to be significant, which could be concerning under Data Protection principles, especially as people’s personal data was compromised. From a Data Protection perspective, reports should be made to a regulator within a specific time frame, namely 3 to 5 days, and individuals must be informed, but alas we have no laws that place these requirements on companies here.

Nature of the Data: The breach reportedly includes customer lines, ID scans, and database dumps. ID scans can be considered sensitive data, and their exfiltration poses significant risks for identity theft and fraud.

Assertion of ‘No Loss or Compromise’: TSTT states that there was “no loss or compromise of customer data”. However, considering the purported evidence available on the dark web, this claim may appear to contradict the data presented by RansomEXX. Under Data Protection best practice, transparency and accuracy in communication are critical.

Data Volumes and Relevance: TSTT points out that its platforms generate terabytes of data, possibly attempting to downplay the significance of the purported 6GB of exfiltrated data. While this might be accurate in the context of total data volume, GDPR focuses on the quality and sensitivity of data, not quantity. The sheer number of affected customers and the types of data involved make this breach significant.

In light of the recent cyber-attack on TSTT, their statement raises several concerns from a Data Protection perspective. The delayed disclosure and the apparent contradiction between their claims and the evidence presented by the hackers are alarming.

While TSTT’s proactive response in securing their systems is commendable, the nature of the data involved—especially the ID scans—poses a significant risk.

TSTT’s emphasis on the vast amounts of data they handle might be an attempt to downplay the breach’s gravity. However, from a Data Protection standpoint, it’s not the volume but the sensitivity and relevance of the data that counts. The situation underscores the need for transparent, accurate, and prompt communication in the face of security breaches.

Again, it highlights the need for revised legislation, not only from a Data Protection perspective but also from a cyber crime perspective, to provide for an independent regulator and to empower TT CSIRT to act independently, to ensure the accurate and timely release of information and investigations, and to hold companies honest and accountable.

About Rishi Maharaj

Rishi Maharaj is a graduate of the University of the West Indies with a BSc. and MSc. in Government. He is a Certified Information Privacy Manager and provides consultancies through Privicy Advisory Services which assists organizations through data expansion and digital transformation, emphasizing the reduction of compliance burdens.

With over 15 years in the public and privacy sectors, he offers deep insights into government workings and the challenges of digital transformation. Notably, Rishi spearheaded the finalization and partial proclamation of Trinidad and Tobago’s Data Protection Act in 2011 and contributed to international model data protection legislation.

In the private sector, he helps businesses to align with GDPR and regional data protection standards, using compliance as a unique differentiator to boost organizational value and foster trust and engagement. He is a member of both the Canadian Institute of Access and Privacy Professionals and the International Association of Privacy Professionals.
