The following is the fourth part of ASA Philippines Foundation Inc.’s response to the series of articles that appeared from 5 to 11 November based on interviews with the foundation’s former President and chief executive officer, Kamrul Tarafder and documents he provided:
Kamrul: “Subsequently, Jyosna began receiving disparaging comments clearly intended to discredit its software and solution.
It is worth noting that while these ASA individuals showed their discontent towards ASA, their IT Operations Head felt otherwise and was confident about Jyosna’s capability.
Several days later, Jyosna detected an anomalous unauthorized entry into its network.
Countermeasures were immediately implemented to remediate and prevent further hacking while the investigation found evidence of exfiltration of information from about 35 ASA clients only out of several million.
Relative to the hacking incident, Jyosna received messages from the threat actors who identified themselves as the Medusa Group through a message left in one of the hacked user accounts and through email communication from the sender, medusa.ru@protonmail.com.
The email was sent to Jyosna and top executives of ASA Foundation including Gotuaco, with the exception of Kamrul who was the incumbent president and CEO of ASA Foundation then.
Kamrul indicated that it was curious to note that Mr. Gotuaco received the email communication from Medusa through his email, which was nowhere visible in the entire IT system of both Jyosna and ASA Foundation.”
ASA Philippines: The claim that ASA’s IT Operations Head was “confident about Jyosna’s capability” has no basis.
First, there is no IT Operations Head designation. Second, on the contrary, upon finding out from Jyosna about the potential hacking incident of the system, ASA’s IT leadership and IT Committee lacked confidence in Jyosna’s capabilities considering the delay it took in informing ASA about the incident, among others.
Furthermore, the initial communication from Medusa was sent through the Jyosna system, and not through email. That no email was sent to Mr. Kamrul while being sent to the rest of the ASA management as claimed in the Articles, does not in any way support the malicious insinuation that ASA was the one who conducted the hacking.
ASA had immediately taken steps to address the issue and has in fact spared no expense, engaging the services of third-party experts to look into the matter. ASA’s actions belie any malicious insinuation that it was the one behind the attack, especially since the data of its clients were the ones at risk.
ASA would definitely not risk reputation impact if only to remove Mr. Kamrul from his post.
(To be continued)