Cy­ber­at­tacks are now part of the world we live in.

While we ex­pect the At­tor­ney Gen­er­al to give us leg­isla­tive am­mu­ni­tion, we al­so need in­sti­tu­tions to cre­ate a shield to pro­tect our pri­vate in­for­ma­tion.

Sad­ly, TSTT has failed our cit­i­zens.

Let­ter writer Gor­don Laugh­lin wrote, “In the face of this scan­dal, it is cru­cial for ac­count­abil­i­ty to be es­tab­lished… Heads must roll to demon­strate that such neg­li­gence will not be tol­er­at­ed.”

Well, Lisa Agard paid the price.

A pri­vate con­glom­er­ate with an­gry share­hold­ers would de­mand blood. It should be no dif­fer­ent with TSTT. The av­er­age cit­i­zen and the tax­pay­er dol­lar are just as rel­e­vant.

This sit­u­a­tion has not end­ed. With at­tor­neys Kyle Tak­lals­ingh and Anand Ram­lo­gan around, we may soon see a class ac­tion suit against TSTT.

Un­der the EU law, it is pos­si­ble to sue for two types of dam­ages. Ma­te­r­i­al (fi­nan­cial) like iden­ti­ty theft, if your cred­it score has been af­fect­ed, or you need to hire IT staff to mon­i­tor your on­line tran­si­tions, and non-ma­te­r­i­al dam­age, re­lat­ing to men­tal well-be­ing, if you have suf­fered stress, anx­i­ety, or PTSD, you could be com­pen­sat­ed.

In the USA, suc­cess­ful class ac­tion claims were made against T-Mo­bile, Home De­pot, Cap­i­tal One, and Stan­ley Mor­gan

Let­ter writer Al­li­son Chang al­so ques­tioned Min­is­ter Garvin Gon­za­les’ call for an in­ves­ti­ga­tion, “Does the Min­is­ter of Pub­lic Util­i­ties hon­est­ly be­lieve an in­ves­ti­ga­tion in­to the TSTT cy­ber­at­tack will re­veal who ac­cessed its servers, how they did it, or whose fault it was? Or is he just try­ing to save face?”

The con­tra­dic­tion be­tween the min­is­ter’s ini­tial ut­ter­ances in Par­lia­ment and TSTT’s sub­se­quent tardy ad­mis­sion of per­son­al da­ta breach, would have caused some em­bar­rass­ment for the min­is­ter.

It seemed TSTT poops like its child Tel­co (Pen­guin’s clas­sic ca­lyp­so) did years be­fore.

We need an in­ves­ti­ga­tion in­de­pen­dent of TSTT to re­veal what hap­pened. Was there neg­li­gence? Where was the neg­li­gence? The board? The ex­ec­u­tive di­rec­tors? The man­agers? Some net­work en­gi­neer?

If a com­pa­ny board is aware they’re not ful­ly pro­tect­ed but does noth­ing due to the cost fac­tor or in­er­tia of get­ting things done, then the en­tire board should go and not use a CEO as a scape­goat.

It’s like when an at­tacked lizard drops its tail. Every­one fo­cus­es on the writhing tail and the lizard gets away.

Who’s fault it is and who pays the price may not be the same per­son.

Gart­ner, the Amer­i­can tech­no­log­i­cal re­search firm, re­port­ed over a five-year pe­ri­od that CEOs are in­creas­ing­ly blamed and pun­ished as a re­sult of cy­ber­se­cu­ri­ty-re­lat­ed events—even more so than IT ex­ec­u­tives.

Paul Proc­tor‘s No­vem­ber 2019 Forbes ar­ti­cle—Eight rea­sons why a CEO can be fired af­ter a se­cu­ri­ty breach- pro­vides rea­sons.

When some­one gets fired, it’s be­cause a po­ten­tial risk was ig­nored or a po­ten­tial risk was un­der­es­ti­mat­ed (al­so maybe caus­ing a min­is­ter’s em­bar­rass­ment?).

US CEOs walked in 2013, when the Tar­get chain ex­ec­u­tives un­der­es­ti­mat­ed their risk, al­so in 2014 when Sony Pic­tures was breached, and then the Equifax cred­it com­pa­ny breach which af­fect­ed 145 mil­lion peo­ple.

In Bri­an Ne­Smith’s post—CEOs: The Da­ta Breach Is Your Fault -, he men­tions it is now the busi­ness prac­tice that the CEO takes the fall. ‘The days of Teflon-coat­ed CEOs not shar­ing the blame are gone’.

Com­mu­ni­ca­tions Work­ers’ Union sec­re­tary-gen­er­al Clyde El­der called for Agard’s re­moval say­ing, ‘they (she and an­oth­er staffer) will in­ter­fere with the in­ves­ti­ga­tion if they are there be­cause if there is any­thing that comes back to them or points back to them, they will try their best to get rid of it.’

El­der made the alarm­ing claim that TSTT was hacked pre­vi­ous­ly but did not in­crease its de­fences to pre­vent an­oth­er at­tack.

Since No­vem­ber 2021, the union had start­ed a pe­ti­tion to re­move Agard, nam­ing her in­abil­i­ty to re­turn the com­pa­ny to its vi­able state, her ‘op­pres­sive re­trench­ment’ dri­ve, and a con­flict of in­ter­est.

The pe­ti­tion read, “We have seen the emer­gence of Am­plia, pro­pelled as “part of” TSTT when in fact they are com­pet­ing against TSTT. Cus­tomers are be­ing poached by Am­plia, a failed com­pa­ny that was pur­chased for over two hun­dred mil­lion of tax­pay­ers’ mon­ey with no re­al ac­count­abil­i­ty. There is a di­rect con­flict of in­ter­est when she still has reign in Am­plia and sits as the CEO of TSTT.”

Agard’s re­moval now begs the ques­tion, was she giv­en a gold­en hand­shake?

I think it is time the con­tracts of all CEOs in pub­lic en­ter­pris­es should be made pub­lic, since pub­lic funds are used to pay the sev­er­ance pack­age re­gard­less of if the em­ploy­ee los­es their job due to fir­ing, re­struc­tur­ing, neg­li­gence, or re­tire­ment.

The pub­lic may be los­ing twice, first by the for­ay in­to their pri­vate in­for­ma­tion, as well as their tax dol­lars go­ing to pay a sev­er­ance pack­age.