Three weeks after a major data breach at the Barbados Revenue Authority led to personal information and vehicle registration documents being offered for sale online, officials say there’s no evidence any of the stolen data was used for fraud or other harmful activities.
Minister of Industry, Innovation, Science, and Technology Marsha Caddle sought to downplay the fallout from the breach while announcing a programme to put the public and civil servants on guard for cyber threats.
“We have no reason to believe that any information from this breach has so far been used to commit fraud or other harmful activities. Much of the information breached was the kind of administrative documentation that is reasonably low risk, but some of the information carries personal identifying data,” Caddle said Friday as she announced the rollout of a national programme on cyber and information security awareness that was prompted by the breach.
The breach demonstrated the need to accelerate cybersecurity reforms across all public agencies.
“We’ve done the immediate containment; we’ve hardened the BRA systems, and we’re systematically taking steps to speed up our hardening and cyber-resilience across government,” she said.
Credit monitoring services are to help affected individuals track whether their information is being misused.
“We value the trust you place in us to protect your privacy, and we take seriously our responsibility to safeguard your personal information,” Caddle said, declaring the administration was committed to handling the situation openly.
Officials continue to manage the fallout from the BRA breach, first reported by DataBreaches.net, which involved unauthorised access to the BRA’s vehicle registration database, with the stolen data reportedly being sold on a Russian-language forum.
The compromised data set, amounting to 230 gigabytes, contains sensitive information including property tax records, vehicle registration details, driver’s licences, passport numbers, emails, and phone numbers. One of the leaked files reportedly includes a driver’s licence from South Carolina, raising concerns that the breach may extend beyond Barbados.
The minister pledged that measures would be taken to maintain the integrity of the ongoing investigation while enhancing the country’s overall security.
An incident response team, tasked with containing the breach and improving the security of the BRA’s systems, has been set up, said Caddle. The team is drawn from the National Cybersecurity Unit co-led by the Barbados Defence Force Cyber Unit and includes national and international cybersecurity experts.
Lieutenant Commander Neil Matthews, head of the BDF Cyber Unit and incident manager for the BRA breach, confirmed that the forensic investigation had made significant progress.
“Since the last update, a more thorough assessment of the root cause of this incident has been undertaken, and we’re working with the appropriate local and international law enforcement channels in line with international best practice and local law,” he said.
Lt Cmdr Matthews said the Ministry of Technology has already begun conducting a comprehensive audit of all government systems.
“The ministry has identified all the critical infrastructure agencies, and we’ve begun an audit of all government systems to update the existing risk register of those critical agencies and others and are rolling out measures to protect the country’s assets and people’s information,” he explained.
The science and technology minister suggested that the government’s focus has now shifted to include empowering individuals to protect themselves.
“We live in a world where constant vigilance is necessary in a digital environment, just as we are cautious by locking our doors and warning our families about those that might do us harm,” Caddle said.
The awareness programme will focus on educating citizens and public sector employees on best practices for cyber hygiene. It will include guidance on practical steps citizens can take to secure their personal information, such as avoiding unfamiliar links and using two-factor authentication for online accounts.
The post BDF Cyber Unit leading investigation into Revenue Authority hack appeared first on Barbados Today.
