Cyberattacks are now part of the world we live in.
While we expect the Attorney General to give us legislative ammunition, we also need institutions to create a shield to protect our private information.
Sadly, TSTT has failed our citizens.
Letter writer Gordon Laughlin wrote, “In the face of this scandal, it is crucial for accountability to be established… Heads must roll to demonstrate that such negligence will not be tolerated.”
Well, Lisa Agard paid the price.
A private conglomerate with angry shareholders would demand blood. It should be no different with TSTT. The average citizen and the taxpayer dollar are just as relevant.
This situation has not ended. With attorneys Kyle Taklalsingh and Anand Ramlogan around, we may soon see a class action suit against TSTT.
Under the EU law, it is possible to sue for two types of damages. Material (financial) like identity theft, if your credit score has been affected, or you need to hire IT staff to monitor your online transitions, and non-material damage, relating to mental well-being, if you have suffered stress, anxiety, or PTSD, you could be compensated.
In the USA, successful class action claims were made against T-Mobile, Home Depot, Capital One, and Stanley Morgan
Letter writer Allison Chang also questioned Minister Garvin Gonzales’ call for an investigation, “Does the Minister of Public Utilities honestly believe an investigation into the TSTT cyberattack will reveal who accessed its servers, how they did it, or whose fault it was? Or is he just trying to save face?”
The contradiction between the minister’s initial utterances in Parliament and TSTT’s subsequent tardy admission of personal data breach, would have caused some embarrassment for the minister.
It seemed TSTT poops like its child Telco (Penguin’s classic calypso) did years before.
We need an investigation independent of TSTT to reveal what happened. Was there negligence? Where was the negligence? The board? The executive directors? The managers? Some network engineer?
If a company board is aware they’re not fully protected but does nothing due to the cost factor or inertia of getting things done, then the entire board should go and not use a CEO as a scapegoat.
It’s like when an attacked lizard drops its tail. Everyone focuses on the writhing tail and the lizard gets away.
Who’s fault it is and who pays the price may not be the same person.
Gartner, the American technological research firm, reported over a five-year period that CEOs are increasingly blamed and punished as a result of cybersecurity-related events—even more so than IT executives.
Paul Proctor‘s November 2019 Forbes article—Eight reasons why a CEO can be fired after a security breach- provides reasons.
When someone gets fired, it’s because a potential risk was ignored or a potential risk was underestimated (also maybe causing a minister’s embarrassment?).
US CEOs walked in 2013, when the Target chain executives underestimated their risk, also in 2014 when Sony Pictures was breached, and then the Equifax credit company breach which affected 145 million people.
In Brian NeSmith’s post—CEOs: The Data Breach Is Your Fault -, he mentions it is now the business practice that the CEO takes the fall. ‘The days of Teflon-coated CEOs not sharing the blame are gone’.
Communications Workers’ Union secretary-general Clyde Elder called for Agard’s removal saying, ‘they (she and another staffer) will interfere with the investigation if they are there because if there is anything that comes back to them or points back to them, they will try their best to get rid of it.’
Elder made the alarming claim that TSTT was hacked previously but did not increase its defences to prevent another attack.
Since November 2021, the union had started a petition to remove Agard, naming her inability to return the company to its viable state, her ‘oppressive retrenchment’ drive, and a conflict of interest.
The petition read, “We have seen the emergence of Amplia, propelled as “part of” TSTT when in fact they are competing against TSTT. Customers are being poached by Amplia, a failed company that was purchased for over two hundred million of taxpayers’ money with no real accountability. There is a direct conflict of interest when she still has reign in Amplia and sits as the CEO of TSTT.”
Agard’s removal now begs the question, was she given a golden handshake?
I think it is time the contracts of all CEOs in public enterprises should be made public, since public funds are used to pay the severance package regardless of if the employee loses their job due to firing, restructuring, negligence, or retirement.
The public may be losing twice, first by the foray into their private information, as well as their tax dollars going to pay a severance package.