Confirmed Breach: Courts and PriceSmart.

The data breach has been confirmed independently. There is a much better article on the data breach of Courts and PriceSmart available at TechNewsTT.com, and I’ll refer people to go read that article.

The original article (below) was written when it was just alleged.

What looks to be a data breach of ShopCourts.com seems benign. If it is as the image describes, it would expose the following information:

Unverified information in image from a plausible Facebook account whose interests include the National Security of Trinidad and Tobago.
  • Email addresses,
  • Names,
  • Gender,
  • Dates of Purchase,
  • Billing Addresses and Shipping Addresses,
  • Payment Method (which in common practice does not include credit card information).

It is altogether pretty benign. However, being able to access the data potentially means being able to change it.

It would seem someone wanted to make a point, wanted some sort of bragging rights, or quite possibly is looking for a job.

Given that Courts is in various countries, this could impact the following countries:

  • Antigua,
  • Barbados,
  • Belize,
  • Curacao,
  • Dominica,
  • Grenada,
  • Guyana,
  • Jamaica,
  • St. Kitts and Nevis,
  • St. Lucia,
  • St. Vincent and
  • Trinidad and Tobago.

Breach Ho!


As everyone in Trinidad and Tobago knows, Telecommunications Services of Trinidad and Tobago (TSTT) had a horrible data breach that leaked quite a bit of personal information of customers, from scanned identification to credit card numbers.

I sat back for most of it. It was pretty clear to me from the onset that there was no putting the genie back in the bottle. As mentioned in the mainstream media, the story from TSTT changed quite a bit.

If there was a checklist of every bad way to handle a data breach of customer personal information, I think they at least hit the high notes. They were as unprepared for their information security being compromised as they were unprepared to have their information security put to the test.

TechNewsTT.com seemed to have the best coverage. I sat back and watched as details of scanned copies of identification, credit card numbers, a suspected password file and more began surfacing even as TSTT denied that they lost that information. When I searched for my information in the data dump, I found 2 occurrences. A few days later, I checked again and I was up to 37. This disturbed me not just because of the number of times I showed up but because of one very interesting detail.

I’m not a TSTT customer. I am a customer of their subsidiary, Amplia. While I have heard of but not met a namesake in Trinidad and Tobago, I strongly suspect that there are not 37 of us with the same name. Of course, that search doesn’t tell you what sort of documents and information were leaked. Why is my name in a data dump when I’m not a direct customer? Peculiar, suspicious, and enough to make one wonder a little bit about whether TSTT is co-mingling its information across subsidiaries.

Even more disturbing has been how many people misunderstand the data breach in their own personal context. The fact that a telecommunications provider, with a majority share owned by the government of the Republic of Trinidad and Tobago, mishandled this from information security to being honest with their customers should boggle any sane person.

Unfortunately, this is not the first data breach in Trinidad and Tobago. There have been some announced, such as when the Judiciary got locked out of their system and no cases could continue their slow moonwalk toward progress. These are the obvious breaches, the advertised breaches.

It’s the silent breaches we should be worried about.

There are so many questions that people need to be asking that it’s hard to write just one article about it.