Technology journalist and Newsday columnist Mark Lyndersay says the public is unaware of how serious Ransom Exx’s reported breach of Telecommunication Services of Trinidad and Tobago’s (TSTT) data is.
Reports of the breach were made three days ago. Lyndersay wrote of it on his site, technewstt.com.
In that article, Lyndersay said, “According to FalconFeeds.IO, a cyber security firm that offers a Twitter feed reporting on breaches, tstt.co.tt and bmobile.co.tt were compromised, with a reported 6GB of customer lines, ID scans, gitlab projects and database dumps as part of the haul.”
A check of FalconFeeds.io twitter account on October 27 said, “Ransomexx #ransomware group has added Telecommunications Services of Trinidad and Tobago (http://tstt.co.tt) to their victim list. They claim to have access to 6GB of organisations (sic) data.”
There has been no official word from the Telecommunications Services of Trinidad and Tobago (TSTT) on the matter and calls to its CEO Lisa Agard went unanswered. Calls to Minister of Public Utilities Marvin Gonzales also went unanswered.
In a phone interview on Sunday, Lyndersay said, “It is an issue of customer privacy and the customer’s right to know.”
With ransomware, if the ransom is not paid the data is released, he said.
This has happened before in TT and Jamaica, he added.
“Before they release the data, it is customary that a ransomware organisation will produce proof with a selection of the data they exfiltrated (withdraw surreptitiously) which they post to the dark web to say, ‘Yes we have your data. Now pay us.’
“In that cache of exfiltrated data that was posted as proof is a 300mb file that has got the personal identifiable information of 800,000 TSTT customers,” Lyndersay said.
This meant phone numbers, addresses, IDs etc.
Comentarios