Advertisement

Ethical concern raised about companies that do not alert customers to cyber attacks

Cyber security consultant Gavin Dennis
By Kimone Witter    
 
Cyber security consultant Gavin Dennis says there is an ethical concern when companies are hacked resulting in the personal data of Jamaicans being shared on the internet, and the affected individuals are not notified.
 
Mr. Dennis was speaking in the context of frequent local data breaches, the latest of which affected e-commerce platform ShopCourts and PriceSmart on the weekend.
 
He said companies risk eroding the trust of customers when they do not alert them to ransomware attacks. 
 
"One of my concerns with the data breaches that are frequently happening is that oftentimes the public doesn't hear about it first from the company. It has to be where someone goes online and discovers that the company was hacked because the hackers are publicising it. 
 
"So data is stolen, which involves personal data, but the companies don't proactively contact the victims to say, hey, we had a security incident, your data was compromised in a ransomware attack, this is what was disclosed, etc. And so people just happen to find out from everyone else but the company that they gave and trusted their personal data with," he pointed out.  
 
Writing on X, formerly Twitter on Sunday, Mr. Dennis said hackers claimed to have stolen data on up to 200,000 orders from the ShopCourts website.
 
The hackers leaked a sample of customer records from 2013-2023 which relate to multiple Caribbean countries, including Jamaica.
 
Mr. Dennis said access to the data from the ShopCourts website is being sold online and was published on August 29 this year.
 
Meanwhile, ALPHV hackers had posted that they stole more than 500 gigabytes of sensitive data on customers and employees from PriceSmart.
 
Mr. Dennis said this is the same group that claimed responsibility for the hack at Derrimon Trading.
 
He told Radio Jamaica News that the data breaches are considered serious, adding that 500 gigabytes is a significant amount of data to have been stolen from a company. 
 
In a statement Sunday, Courts said none of its customers' payment methods and password information were exposed in the incident.
 
The company acknowledged a data breach on the old e-commerce platform www.shopcourts.com, but said immediate action was taken.
 
Courts said it switched e-commerce platforms in September, the month after the hack.
 
It added the data leak only contained information on customers who shopped on its website but said the new platform enforces the measures and strengthens security levels to have a secure platform without any data breach.
 
Mr. Dennis believes the private sector and the government should be more concerned and proactive in preventing data breaches, which he noted have been increasing since last year. 
 
 


comments powered by Disqus
Most Popular
Appeal Court reserves judgment in murder case...
Male teacher at Immaculate Conception High...
Veteran journalist Barbara Gayle found...