JavaScript is disabled in your web browser or browser is too old to support JavaScript. Today almost all web pages contain JavaScript, a scripting programming language that runs on visitor's web browser. It makes web pages functional for specific purposes and if disabled for some reason, the content or the functionality of the web page can be limited or unavailable.

Sunday, February 23, 2025

Union urges minister to release results of TSTT cyberbreach report

by

30 days ago
20250124

 

A re­port on the find­ings sur­round­ing a cy­ber­se­cu­ri­ty breach at the Telecom­mu­ni­ca­tions Ser­vices of Trinidad and To­ba­go Lim­it­ed (TSTT) in Oc­to­ber 2023 has been re­leased, and the Com­mu­ni­ca­tions Work­ers’ Union (CWU) is call­ing for a full pub­lic dis­clo­sure.

The re­port, com­piled by in­de­pen­dent in­ves­ti­ga­tors, was sub­mit­ted to Min­is­ter of Pub­lic Util­i­ties Mar­vin Gon­za­les yes­ter­day by TSTT’s board of di­rec­tors and ex­am­ines the cir­cum­stances of the breach, its im­pact, and rec­om­men­da­tions to ad­dress vul­ner­a­bil­i­ties.

The breach, ex­e­cut­ed by the hack­ing group Ran­somExx on Oc­to­ber 9, 2023, ex­posed six gi­ga­bytes of cus­tomer da­ta, which were lat­er up­loaded to the dark web. TSTT main­tained the stolen da­ta was out­dat­ed and ac­count­ed for less than one per cent of its to­tal stor­age, but the in­ci­dent trig­gered wide­spread con­cerns about da­ta se­cu­ri­ty and trans­paren­cy.

Gon­za­les yes­ter­day ac­knowl­edged the se­ri­ous­ness of the breach.

He said, “In the dig­i­tal en­vi­ron­ment in which we now op­er­ate, cy­ber in­cur­sions pose a con­stant and per­sis­tent threat to busi­ness con­ti­nu­ity and in­for­ma­tion se­cu­ri­ty. It is im­per­a­tive that we all re­main vig­i­lant and that we learn from past short­com­ings.”
“No or­gan­i­sa­tion is ful­ly im­mune to cy­ber in­cur­sion, and a key pro­to­col in man­ag­ing such breach­es is clear, sin­cere and hon­est com­mu­ni­ca­tions with all stake­hold­ers, es­pe­cial­ly cus­tomers and mem­bers of the pub­lic.”

The fall­out from the breach was sig­nif­i­cant, with the ter­mi­na­tion of CEO Lisa Agard on No­vem­ber 15, 2023, and de­par­ture of CFO Shi­va Ram­nar­ine short­ly af­ter. Cor­po­rate com­mu­ni­ca­tions head Khamal Georges re­signed in June 2024.

In the wake of the at­tack, TSTT en­list­ed lo­cal cy­ber­se­cu­ri­ty firm Cy­ber­Eye to con­duct a root cause analy­sis and strength­en its cy­ber­se­cu­ri­ty frame­work.

Yes­ter­day, CWU gen­er­al sec­re­tary Joanne Ogeer urged Gon­za­les to make the re­port pub­lic.

“The pub­lic has a right to know be­cause they were di­rect­ly af­fect­ed by the breach. Trans­paren­cy is crit­i­cal to re­build­ing trust and en­sur­ing ac­count­abil­i­ty,” Ogeer said.

She al­so crit­i­cised how the fall­out was han­dled.

“I can cat­e­gor­i­cal­ly state that this ad­min­is­tra­tor was vi­cious­ly tar­get­ed, es­pe­cial­ly dur­ing the Joint Se­lect Com­mit­tee hear­ings, where blame was un­fair­ly placed at her feet. This was deeply con­cern­ing and shows the need for a more bal­anced ap­proach to ac­count­abil­i­ty,” Ogeer claimed.

She com­mend­ed TSTT for re­view­ing its poli­cies but urged em­ploy­ees to sup­port and up­hold these mea­sures to pro­tect the or­gan­i­sa­tion.

The union al­so em­pha­sised the im­por­tance of em­ploy­ee train­ing in cy­ber­se­cu­ri­ty.

Gon­za­les has com­mit­ted to sub­mit­ting the re­port to the Na­tion­al Se­cu­ri­ty Coun­cil and Joint Se­lect Com­mit­tee of Par­lia­ment for fur­ther re­view.

Ef­forts to reach for­mer TSTT CEO Agard for com­ment proved fu­tile.


Related articles

Sponsored

Weather

PORT OF SPAIN WEATHER

Sponsored