FeaturedOpinion

What does the TSTT breach mean for customers?

By
2 Mins read
6512
Share

Above: Rishi Maharaj.

Data protection consultant Rishi Maharaj on the TSTT Breach

From a Data Protection standpoint (which we don’t have but other countries in the region have adopted) there are several areas of concern.

Timing of the Disclosure: TSTT mentions that they became aware of the cyber-attack on October 9th, 2023. The gap between the attack and public disclosure appears to be significant, which could be concerning under Data Protection principles, especially as people’s personal data was comprised. From a data Protection perspective, reports should be made to a regulator within a specific time frame, namely 3 to 5 days and individuals must be informed, but alas we have no laws that place these requirements on companies here.

Nature of the Data: The breach reportedly includes customer lines, ID scans, and database dumps. ID scans can be considered as sensitive data, and its exfiltration poses significant risks for identity theft and fraud.

Assertion of ‘No Loss or Compromise’: TSTT states that there was “no loss or compromise of customer data”. However, considering the purported evidence available on the dark web, this claim may appear to contradict the presented data by RansomEXX. Under Data Protection best practice, transparency and accuracy in communication are critical.

Data Volumes and Relevance: TSTT points out that its platforms generate terabytes of data, possibly attempting to downplay the significance of the purported 6GB of exfiltrated data. While this might be accurate in the context of total data volume, GDPR focuses on the quality and sensitivity of data, not quantity. The sheer number of affected customers and the types of data involved make this breach significant.

In light of the recent cyber-attack on TSTT, their statement raises several concerns from a Data Protection perspective. The delayed disclosure, and the apparent contradiction between their claims and evidence presented by the hackers are alarming.

While TSTT’s proactive response in securing their systems is commendable, the nature of the data involved—especially the ID scans—poses a significant risk.

TSTT’s emphasis on the vast amounts of data they handle might be an attempt to downplay the breach’s gravity. However, from a Data Protection standpoint, it’s not the volume but the sensitivity and relevance of the data that counts. The situation underscores the need for transparent, accurate, and prompt communication in the face of security breaches.

Again, it places the need for revised legislation not only from a Data Protection perspective but also a cyber crime perspective to provide for an independent regulator and also to empower TT CSIRT with the ability to independently act and ensure accuracy and timely release of information and investigations and also to hold companies honest and accountable.

About Rishi Maharaj

Rishi Maharaj is a graduate of the University of the West Indies with a BSc. and MSc. in Government. He is a Certified Information Privacy Manager and provides consultancies through Privicy Advisory Services which assists organizations through data expansion and digital transformation, emphasizing the reduction of compliance burdens.

With over 15 years in the public and privacy sectors, he offers deep insights into government workings and the challenges of digital transformation. Notably, Rishi spearheaded the finalization and partial proclamation of Trinidad and Tobago’s Data Protection Act in 2011 and contributed to international model data protection legislation.

In the private sector, he helps businesses to align with GDPR and regional data protection standards, using compliance as a unique differentiator to boost organizational value and foster trust and engagement. He is a member of both the Canadian Institute of Access and Privacy Professionals and the International Association of Privacy Professionals.

Related Posts…

What keeps regional cybersecurity experts awake at night

What keeps regional cybersecurity experts awake at night

By Mark Lyndersay / December 16, 2024
Whether the attack comes from a successful external attempt, exploiting a vulnerability or from inside, perhaps a disgruntled employee, an exploit needs just one vulnerability.
Read More
Where hackers begin

Where hackers begin

By Mark Lyndersay / December 9, 2024
Digital nation strategies have been released by 170 countries and regions and more than 60 countries have elevated AI in their national strategy.
Read More
Blue skies for microblogging?

Blue skies for microblogging?

By Mark Lyndersay / December 2, 2024
Bluesky hit its current high of 23 million users faster than expected, but it’s way behind X.
Read More
Samsung Electronics Joins the Carbon Trust

Samsung Electronics Joins the Carbon Trust

By Press Release / December 1, 2024
Globally, connected devices currently require approximately 500 terawatt-hours (TWh) of energy annually.
Read More
The apps that thrive in Apple’s ecosystem

The apps that thrive in Apple’s ecosystem

By Mark Lyndersay / November 25, 2024
By Apple's own yardstick an app that shares usable data across three devices is acceptable one that synchronises with four is a winner.
Read More
America’s open mic moment

America’s open mic moment

By Mark Lyndersay / November 18, 2024
What made online pundits so effective in the US election?
Read More
The press and the president-elect

The press and the president-elect

By Mark Lyndersay / November 11, 2024
Beyond the president-elect's often-expressed intent to retaliate against journalists he believes are unfairly attacking him is the agenda of Project 2025.
Read More
All washed up

All washed up

By Mark Lyndersay / November 4, 2024
Dirt on its own will simply shake out of fabric. What keeps it in place is oil and grease, readily generated by human skin.
Read More
Samsung extends Knox security to its home appliances

Samsung extends Knox security to its home appliances

By Press Release / October 28, 2024
Knox Matrix is a security solution that comprehensively protects connected devices and networks using private blockchain technology.
Read More
bmobile and CARIRI host 3,500 children at Innovation Camp

bmobile and CARIRI host 3,500 children at Innovation Camp

By Press Release / October 28, 2024
In the Power Up Competition, students were challenged to develop solutions for real-world problems particularly those affecting the environment.
Read More
What keeps regional cybersecurity experts awake at night What keeps regional cybersecurity experts awake... December 16, 2024
Where hackers begin Where hackers begin December 9, 2024
Blue skies for microblogging? Blue skies for microblogging? December 2, 2024
Samsung Electronics Joins the Carbon Trust Samsung Electronics Joins the Carbon Trust December 1, 2024
The apps that thrive in Apple’s ecosystem The apps that thrive in Apple’s... November 25, 2024
America’s open mic moment America’s open mic moment November 18, 2024
The press and the president-elect The press and the president-elect November 11, 2024
All washed up All washed up November 4, 2024
Samsung extends Knox security to its home appliances Samsung extends Knox security to its... October 28, 2024
bmobile and CARIRI host 3,500 children at Innovation Camp bmobile and CARIRI host 3,500 children... October 28, 2024

🤞 Get connected!

A once weekly email notification of new stories on TechNewsTT. Just that. No spam.

Possible UI Glitch. Click top right corner to dismiss 👉

Get Connected!

A once weekly email notification of new stories on TechNewsTT.

Just that. No spam.

6512
Share
Related posts
BitDepthFeatured

Where hackers begin

By
3 Mins read
Digital nation strategies have been released by 170 countries and regions and more than 60 countries have elevated AI in their national strategy.
News Briefs

TSTT confirms Kent Western as CEO

By
1 Mins read
Effective October 01, 2024, TSTT has confirmed the appointment of Kent Western as Chief Executive Officer. Western has been acting…
Press Releases

TSTT partners with France's SOGET to improve port efficiency and digital transformation

By
3 Mins read
The PCS complements existing systems, neither replacing nor competing with them, ushering in a new aspect of interoperability and data sharing.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback
Roundup: for the week ending 5 November 2023 | ICT Pulse – The leading technology blog in the Caribbean
1 year ago

[…] Trinidad and Tobago – From a Data Protection standpoint (which we don’t have but other countries in the region have adopted) there are several areas of concern… more […]

0
Reply
trackback
Trinidad & Tobago’s state telecommunications provider is hacked, raising questions about data protection laws · Global Voices Advox
1 year ago

[…] writing at Tech News T&T was data protection consultant Rishi Maharaj, who expressed concerns about the timing of the data […]

0
Reply
wpdiscuz   wpDiscuz
×
FeaturedNews Briefs

Updated: TSTT reported hacked by RansomEXX exploit

By
2
0
Share your perspective in the comments!x
()
x