Tech journalist warns after attack on Massy Group: TT at mercy of cyber criminals

TECH journalist and Newsday columnist Mark Lyndersay has said the private sector’s strategy of keeping cyber-attacks secret, hoping they would go away, is an archaic move, showing TT’s response to cyber crimes is stuck in the past.

“Malware and ransomware continue to become more sophisticated, and TT's response to it remains adamantly 20th century,” Lyndersay said on Friday.

“Until the laws regarding privacy, personally identifiable information, cybercrime and corporate responsibility for these issues are proclaimed, companies and the public sector are under no obligation to even report breaches, far less notify affected citizens.”

Lyndersay’s statement came on the heels of a release sent by the Massy Group, which sought to dismiss claims made by the Jamaican newspaper the Gleaner that some 17 gigabytes of data had been dumped on the internet by cyber criminals.

Hive Ransomware released the Massy data on September 19. It was five days after that that Massy Distribution reported it had experienced a data breach.

The report claimed the data included personal information such as names, addresses, taxpayer registration numbers, signatures, videos and pictures of employees and contractors in Massy Jamaica.

“We would like to caution that much of the information being shared publicly about this cyber-security incident is speculative and inaccurate,” Massy said in the release. It invited people to use official channels for information.

On April 8, Massy’s branches in TT underwent a cyber attack which held critical information to ransom. The attack froze the nation’s largest grocery chain’s point-card system and exfiltrated an estimated 216 gigabytes of data before encrypting it.

A July 12 report by Red Packet Security, a cyber-attack tracker, said the exfiltrated files had been posted on the dark web (part of the internet that is deliberately hidden, requiring a specific browser to access it). On July 19 the hackers published all the data on the dark web. Five days after that, reports said, Jamaica was hacked.

In a release sent to the media, Massy admitted that more damage had been done than previously thought.

“Through continued investigation of the cyber-security incident, we are now aware that that data unlawfully accessed by the attackers was more extensive than the preliminary stages of the investigation indicated,” the release said.