Harper urges urgent action as BRA breach exposes personal info Barbados Today
p
Cybersecurity expert Niel Harper FP ppharging that the Barbados Revenue Authority BRA might have suffered the most extensive data leak to date cybersecurity expert Niel Harper warned that a massive amount of sensitive information has been exposed and blasted the governments response as inadequate
ppHarper is charging that the breach is far more serious than what has been disclosed by officials accusing them of downplaying the scale of the incident
ppThis is a massive data breach quite possibly the largest in the history of the country Harper charged in a statement on Wednesday a day after news surfaced of the theft of data by malicious threat actors identified as Pryx who listed it for sale
ppThe compromised data is said to include a wide range of personal and corporate information such as national and foreign passports ID cards driving licences financial transactions vehicle registrations company incorporation documents customs documentation licence payment invoices and medical certificates
ppHarper managing director and digital trust practice leader at Octave Cyber Security Group said he sent correspondence on the issue to Attorney General Dale Marshall and Minister of Industry Innovation Science and Technology Marsha Caddle advising on what needed to be done as a matter of urgency to mitigate further harm to affected individuals He said he had also reached out to Prime Minister Mia Mottley but had yet to receive a reply from any of the three officials
ppIn her statement issued on Tuesday Caddle said that based on her ministrys investigations and those of the BRA there was no evidence to suggest that the breach extended beyond vehicle registration data She added that an incident response team had been mobilised and additional countermeasures were being implemented to secure affected systems
ppAs reports poured in Tuesday that sensitive information from the nations tax collector was reportedly circulating on social media and the wider internet raising alarm BRA communications and public relations manager Carolyn WilliamsGayle said the compromised data appeared to be restricted to vehicle registration application information We are actively investigating the incident she said The confidence and trust that individuals and businesses have in the Authority are the cornerstones of our systems so were currently working with our partners and law enforcement to conduct a thorough investigation to determine the nature and scope of the reported incident
ppBut Harper suggested that the breach extended far beyond what had been officially reported by local authorities He also expressed concern over the governments slow response
ppIn a list of recommendations to Marshall and Caddle the cybersecurity professional advised that authorities should notify all individuals whose data has been compromised and explain the severity of the breach to them as required under the Data Protection Act
ppHe added that the government should also provide guidance to residents on how to protect themselves from risks such as identity theft fraud and bank account compromise
ppHarper also urged the government to say what measures it would take to prevent similar incidents in the future
ppIt was important to show accountability and explain to the data subjects what the government plans to do to prevent these types of breaches from happening again he stressed
ppThe data privacy expert also called on authorities to notify international supervisory bodies such as those in the European Union EU United Kingdom and Canada given that the data of foreign nationals may have been compromised as required under international law
ppHarper warned that not following these steps would place the government in breach of international data protection regulations
ppFailing to do so would mean the government is in violation of several international data protection laws as well as the Barbados Data Protection Act he declared The laws generally require that data subjects and supervisory authorities are to be notified of a material breach in 72 hours
ppHarper said he has been assisting in the background advising the parties involved with responding to the breach what are the best technical actions to take to reduce the associated risks
ppReflecting on his longstanding advocacy for stronger data privacy and cybersecurity measures in Barbados Harper noted the challenges he has faced over the years citing a lack of support from successive governments
ppDespite being subjected to constant ridicule and disrespect from the government both DLP and BLP administrations when it comes to matters of digital transformation cybersecurity and data privacy I continue to be steadfastly committed to protecting Bajans from online harms declared Harper who currently serves on the Independent Management Advisory Committee of the International Telecommunication Union the Professional Standards Working Group of the UK Cyber Security Council and as an Independent Director ViceChair Board of Directors at the Information Systems Audit and Control Association
ppHarper was recently named among the recipients of this years International Information System Security Certification Consortium ISC2 Global Achievement Awards He was given the Senior Professional Award EMEA Europe Middle East and Africa Region which recognises an individual regionally who has significantly contributed to the enhancement of the cybersecurity workforce by demonstrating a leadership role in their profession
pp
pp
pp
Powered by PenciDesign pp
We use cookies to ensure that we give you the best experience on our website If you continue to use this site we will assume that you are happy with it Accept
Privacy Policy p
Cybersecurity expert Niel Harper FP ppharging that the Barbados Revenue Authority BRA might have suffered the most extensive data leak to date cybersecurity expert Niel Harper warned that a massive amount of sensitive information has been exposed and blasted the governments response as inadequate
ppHarper is charging that the breach is far more serious than what has been disclosed by officials accusing them of downplaying the scale of the incident
ppThis is a massive data breach quite possibly the largest in the history of the country Harper charged in a statement on Wednesday a day after news surfaced of the theft of data by malicious threat actors identified as Pryx who listed it for sale
ppThe compromised data is said to include a wide range of personal and corporate information such as national and foreign passports ID cards driving licences financial transactions vehicle registrations company incorporation documents customs documentation licence payment invoices and medical certificates
ppHarper managing director and digital trust practice leader at Octave Cyber Security Group said he sent correspondence on the issue to Attorney General Dale Marshall and Minister of Industry Innovation Science and Technology Marsha Caddle advising on what needed to be done as a matter of urgency to mitigate further harm to affected individuals He said he had also reached out to Prime Minister Mia Mottley but had yet to receive a reply from any of the three officials
ppIn her statement issued on Tuesday Caddle said that based on her ministrys investigations and those of the BRA there was no evidence to suggest that the breach extended beyond vehicle registration data She added that an incident response team had been mobilised and additional countermeasures were being implemented to secure affected systems
ppAs reports poured in Tuesday that sensitive information from the nations tax collector was reportedly circulating on social media and the wider internet raising alarm BRA communications and public relations manager Carolyn WilliamsGayle said the compromised data appeared to be restricted to vehicle registration application information We are actively investigating the incident she said The confidence and trust that individuals and businesses have in the Authority are the cornerstones of our systems so were currently working with our partners and law enforcement to conduct a thorough investigation to determine the nature and scope of the reported incident
ppBut Harper suggested that the breach extended far beyond what had been officially reported by local authorities He also expressed concern over the governments slow response
ppIn a list of recommendations to Marshall and Caddle the cybersecurity professional advised that authorities should notify all individuals whose data has been compromised and explain the severity of the breach to them as required under the Data Protection Act
ppHe added that the government should also provide guidance to residents on how to protect themselves from risks such as identity theft fraud and bank account compromise
ppHarper also urged the government to say what measures it would take to prevent similar incidents in the future
ppIt was important to show accountability and explain to the data subjects what the government plans to do to prevent these types of breaches from happening again he stressed
ppThe data privacy expert also called on authorities to notify international supervisory bodies such as those in the European Union EU United Kingdom and Canada given that the data of foreign nationals may have been compromised as required under international law
ppHarper warned that not following these steps would place the government in breach of international data protection regulations
ppFailing to do so would mean the government is in violation of several international data protection laws as well as the Barbados Data Protection Act he declared The laws generally require that data subjects and supervisory authorities are to be notified of a material breach in 72 hours
ppHarper said he has been assisting in the background advising the parties involved with responding to the breach what are the best technical actions to take to reduce the associated risks
ppReflecting on his longstanding advocacy for stronger data privacy and cybersecurity measures in Barbados Harper noted the challenges he has faced over the years citing a lack of support from successive governments
ppDespite being subjected to constant ridicule and disrespect from the government both DLP and BLP administrations when it comes to matters of digital transformation cybersecurity and data privacy I continue to be steadfastly committed to protecting Bajans from online harms declared Harper who currently serves on the Independent Management Advisory Committee of the International Telecommunication Union the Professional Standards Working Group of the UK Cyber Security Council and as an Independent Director ViceChair Board of Directors at the Information Systems Audit and Control Association
ppHarper was recently named among the recipients of this years International Information System Security Certification Consortium ISC2 Global Achievement Awards He was given the Senior Professional Award EMEA Europe Middle East and Africa Region which recognises an individual regionally who has significantly contributed to the enhancement of the cybersecurity workforce by demonstrating a leadership role in their profession
pp
pp
pp
Powered by PenciDesign pp
We use cookies to ensure that we give you the best experience on our website If you continue to use this site we will assume that you are happy with it Accept
Privacy Policy p
