Paolo Kernahan

"How to squander trust and alienate customers." This has to be the handbook TSTT managers are reading from.

Reports trickled out of a major digital raid on the company's database - people's personal information had been "dumped" onto the dark web.

TSTT, for its part, suggested hackers tried but failed to access its systems. Its statement said, "At the onset of the threat, TSTT's incident response processes were swiftly activated."

The line minister, Marvin Gonzales, presumably armed with assurances from TSTT, confidently put his head under the guillotine and said, "That is not true."

It was eventually proven to be true.

The company vacillated in print between throwing doubt on whether the purloined data came from its systems to eventually admitting - Yeah, that's us. Hard luck dey!

Still, the severity was downplayed: "No data was lost or manipulated..."

Technically, it wasn't being dishonest. The data wasn't lost per se - it could be found by anyone with the know-how and intent on the dark web.

It's important to get one point clear: no one is expecting TSTT's data systems to be impervious to cyberattacks. As IT systems have become more sophisticated, so have hackers. Malware is being deployed to extort companies and people everywhere. People's identities, intellectual property, and credit card information are stolen every day online. That's just the nature of the world we live in today.

TSTT can be forgiven for a breach of its data systems; a wilful breach of the public trust is another matter entirely.

After first issuing a denial, TSTT's credibility on everything it said thereafter was shot. Indeed, there was a sense that people who were clanging the alarm bells about the incident were being accused of mischievousness.

Here's why a proper communications strategy was so important in this affair.

Ordinary citizens don't understand data dumps and ransomware and the dark web and all this. Few people know what it means for their sensitive information - identification, email addresses, scanned personal documents, etc - to be released into some sort of criminal digital underworld.

Where was the counsel for the public on whether they should change passwords, for example? Basic instructions on what they could do to protect their personal information online?

But then, TSTT couldn't very well do that after having pooh-poohed the idea that the data breach was anything to be worried about in the first place.

This was a massive communications failure from a massive communications company.

It's worth noting that TSTT is also, traditionally, one of the highest-paying companies in TT. One would think there would be competence, awareness of best practices and performance commensurate with bloated salaries.

The company's approach to the breach bore the tenor of an old-school standard denial - a contagion it was happy to pass on to the line minister. And we all know how uncomfortable politicians are with telling untruths to the public.

Why wasn't anyone fire