
What does the TSTT breach mean for customers?


Above: Rishi Maharaj.

Data protection consultant Rishi Maharaj on the TSTT Breach

From a Data Protection standpoint (which we don’t have but other countries in the region have adopted) there are several areas of concern.

Timing of the Disclosure: TSTT mentions that they became aware of the cyber-attack on October 9th, 2023. The gap between the attack and public disclosure appears to be significant, which could be concerning under Data Protection principles, especially as people’s personal data was compromised. From a Data Protection perspective, reports should be made to a regulator within a specific time frame, namely 3 to 5 days, and individuals must be informed, but alas we have no laws that place these requirements on companies here.

Nature of the Data: The breach reportedly includes customer lines, ID scans, and database dumps. ID scans can be considered sensitive data, and their exfiltration poses significant risks for identity theft and fraud.

Assertion of ‘No Loss or Compromise’: TSTT states that there was “no loss or compromise of customer data”. However, considering the purported evidence available on the dark web, this claim may appear to contradict the data presented by RansomEXX. Under Data Protection best practice, transparency and accuracy in communication are critical.

Data Volumes and Relevance: TSTT points out that its platforms generate terabytes of data, possibly attempting to downplay the significance of the purported 6GB of exfiltrated data. While this might be accurate in the context of total data volume, GDPR focuses on the quality and sensitivity of data, not quantity. The sheer number of affected customers and the types of data involved make this breach significant.

In light of the recent cyber-attack on TSTT, their statement raises several concerns from a Data Protection perspective. The delayed disclosure and the apparent contradiction between their claims and the evidence presented by the hackers are alarming.

While TSTT’s proactive response in securing their systems is commendable, the nature of the data involved—especially the ID scans—poses a significant risk.

TSTT’s emphasis on the vast amounts of data they handle might be an attempt to downplay the breach’s gravity. However, from a Data Protection standpoint, it’s not the volume but the sensitivity and relevance of the data that counts. The situation underscores the need for transparent, accurate, and prompt communication in the face of security breaches.

Again, it points to the need for revised legislation, not only from a Data Protection perspective but also from a cyber crime perspective, to provide for an independent regulator and to empower TT CSIRT with the ability to act independently, to ensure accurate and timely release of information and investigations, and to hold companies honest and accountable.

About Rishi Maharaj

Rishi Maharaj is a graduate of the University of the West Indies with a BSc. and MSc. in Government. He is a Certified Information Privacy Manager and provides consultancies through Privicy Advisory Services, which assists organizations through data expansion and digital transformation, emphasizing the reduction of compliance burdens.

With over 15 years in the public and privacy sectors, he offers deep insights into government workings and the challenges of digital transformation. Notably, Rishi spearheaded the finalization and partial proclamation of Trinidad and Tobago’s Data Protection Act in 2011 and contributed to international model data protection legislation.

In the private sector, he helps businesses to align with GDPR and regional data protection standards, using compliance as a unique differentiator to boost organizational value and foster trust and engagement. He is a member of both the Canadian Institute of Access and Privacy Professionals and the International Association of Privacy Professionals.
