Breach Ho!

Image by Gerd Altmann from Pixabay

As everyone in Trinidad and Tobago knows, Telecommunications Services of Trinidad and Tobago (TSTT) had a horrible data breach that leaked quite a bit of personal information of customers, from scanned identification to credit card numbers.

I sat back for most of it. It was pretty clear to me from the onset that there was no putting the genie back in the bottle. As mentioned in the mainstream media, the story from TSTT changed quite a bit.

If there was a checklist of every bad way to handle a data breach of customer personal information, I think they at least hit the high notes. They were as unprepared for their information security being compromised as they were unprepared to have their information security put to the test.

TechNewsTT.com seemed to have the best coverage. I sat back and watched as details of scanned copies of identification, credit card numbers, a suspected password file and more began surfacing even as TSTT denied that they lost that information. When I searched for my information in the data dump, I found 2 occurrences. A few days later, I checked again and I was up to 37. This disturbed me not just because of the amount of times I showed up but because of one very interesting detail.

I’m not a TSTT customer. I am a customer of their subsidiary, Amplia. While I have heard but not met a namesake in Trinidad and Tobago, I strongly suspect that there are not 37 of us with the same name. Of course, that search doesn’t tell you what sort of documents and information was leaked. Why is my name in a data dump when I’m not a direct customer? Peculiar, suspicious, and enough to make one wonder a little bit about whether TSTT is co-mingling it’s information across subsidiaries.

Even more disturbing has been how many people misunderstand the data breach in their own personal context. The fact that a telecommunications provider, with a majority share owned by the government of the Republic of Trinidad and Tobago, mishandled this from information security to being honest with their customers should boggle any sane person.

Unfortunately, this is not the first data breach in Trinidad and Tobago. There have been some announced, such as when the Judiciary got locked out of their system and no cases could continue their slow moonwalk toward progress. These are the obvious breaches, the advertised breaches.

It’s the silent breaches we should be worried about.

There’s so many questions that people need to be asking that it’s hard to write just one article about it.

8 thoughts on “Breach Ho!

  1. 🤔 I believe that a breach was waiting to happen.

    Hackers will always find a way to penetrate firewalls.

    From now on, companies here in the Republic of Trinidad and Tobago will have to take cyber security seriously.

    1. They’ve had over a year since the Massy Breach. In between, government offices have been breached.

      Is there a cybersecurity for dummies book?

      But seriously, Renard, why was that data stored?

Leave a Reply

Your email address will not be published. Required fields are marked *