JavaScript is disabled in your web browser or browser is too old to support JavaScript. Today almost all web pages contain JavaScript, a scripting programming language that runs on visitor's web browser. It makes web pages functional for specific purposes and if disabled for some reason, the content or the functionality of the web page can be limited or unavailable.

Friday, April 4, 2025

Agard threatens to sue new TSTT CEO

... after he blames her for cyberbreach misinformation to Minister

by

Dareece Polo
437 days ago
20240123

DA­REECE PO­LO

Se­nior Re­porter

da­reece.po­lo@guardian.co.tt

For­mer Telecom­mu­ni­ca­tions Ser­vices of Trinidad and To­ba­go CEO Lisa Agard, is threat­en­ing le­gal ac­tion against her suc­ces­sor, Kent West­ern, who yes­ter­day im­plied that she may have mis­led Min­is­ter of Pub­lic Util­i­ties Mar­vin Gon­za­les on the da­ta breach that hit the com­pa­ny in Oc­to­ber last year.

Agard made the com­ment dur­ing an in­ter­view with Guardian Me­dia yes­ter­day, hours af­ter a Joint Se­lect Com­mit­tee (JSC) on State En­ter­pris­es spent two-and-a-half hours analysing TSTT’s han­dling of the Oc­to­ber 9 cy­ber­se­cu­ri­ty breach.

“This CEO, the for­mer CEO of TSTT, cat­e­gor­i­cal­ly de­nies that I pro­vid­ed any mis­lead­ing or false in­for­ma­tion to the min­is­ter, or in­deed to any stake­hold­er group through­out this en­tire process,” she said.

“And if TSTT’s CEO is say­ing that I pro­vid­ed mis­lead­ing or false in­for­ma­tion to the ho­n­ourable min­is­ter, that is ab­solute­ly wrong and a se­ri­ous and egre­gious defama­tion for which I will have to con­sult my at­tor­neys to ad­vise me on the ap­pro­pri­ate le­gal ac­tion to take against TSTT and the act­ing CEO, in par­tic­u­lar, for de­fam­ing my char­ac­ter.”

It was on Oc­to­ber 27 that the pub­lic was in­formed about the in­ci­dent that led to six gi­ga­bytes of TSTT da­ta be­ing re­leased on the dark web.

On No­vem­ber 1, when Cou­va South MP Rudy In­dars­ingh posed an ur­gent ques­tion to Gon­za­les on whether any of TSTT’s da­ta was com­pro­mised, he re­spond­ed by say­ing, “I can ad­vise, Ho­n­ourable Mem­ber, that based on the safe­ty pro­to­cols that were trig­gered when the in­cur­sion was de­tect­ed, that TSTT’s da­ta and the da­ta of its cus­tomers were not in any way com­pro­mised.”

He would lat­er re­tract those state­ments in the me­dia, lead­ing Princes Town MP Bar­ry Padarath to file a mo­tion on De­cem­ber 13 to send Gon­za­les to the Priv­i­leges Com­mit­tee for mis­lead­ing the Par­lia­ment.

Gon­za­les, how­ev­er, apol­o­gised over the mat­ter to the House last Fri­day and no fur­ther ac­tion was tak­en against him.

Ad­dress­ing TSTT of­fi­cials dur­ing the meet­ing yes­ter­day, JSC mem­ber Wade Mark said Gon­za­les had at­trib­uted all his state­ments on No­vem­ber 1 to TSTT. He thus asked for an ex­pla­na­tion of who on TSTT’s ex­ec­u­tive man­age­ment or board of di­rec­tors had mis­led or mis­p­re­sent­ed in­for­ma­tion on the breach.

“Ho­n­ourable mem­ber, the of­fice of the CEO is re­spon­si­ble for all brand rep­u­ta­tion state­ments. So, the CEO’s of­fice is the one that is­sues any state­ment or au­tho­ris­es any state­ments to the pub­lic or to the board, es­pe­cial­ly in cas­es of a sen­si­tive na­ture,” West­ern said.

Mark probed fur­ther, ask­ing West­ern for clar­i­fi­ca­tion on whether that com­mu­ni­ca­tion read in the par­lia­men­tary record was pro­vid­ed by for­mer CEO Lisa Agard, who was fired in the fall­out over how the breach was han­dled.

“Yes, ho­n­ourable mem­ber, I will state in my view that the of­fice that would is­sue that in­struc­tion or that no­ti­fi­ca­tion would be the of­fice of the CEO,” West­ern re­peat­ed.

How­ev­er, Agard last evening re­tort­ed that this was not ac­cu­rate. She said her on­ly com­mu­nique with the Min­is­ter on the mat­ter was via What­sApp on No­vem­ber 1. She said he re­quest­ed in­for­ma­tion in re­sponse to the ur­gent ques­tion from the Op­po­si­tion MP. A state­ment was sub­se­quent­ly pre­pared by the com­mu­ni­ca­tions de­part­ment af­ter li­ais­ing with the net­works and IT de­part­ment be­fore it was sent to the then CEO.

“Based on my rec­ol­lec­tion of events, what was ac­tu­al­ly said by the Min­is­ter in the Par­lia­ment was not what was ac­tu­al­ly pre­pared for him. What he quot­ed from in the Par­lia­ment, on the first of No­vem­ber, was from the pub­lic state­ment that TSTT had made on the 30th of Oc­to­ber,” she ex­plained.

JSC chair An­tho­ny Vieira sub­se­quent­ly said Agard would be in­vit­ed to re­spond to some of the state­ments made. Agard wel­comed any op­por­tu­ni­ty to ap­pear be­fore the JSC to clar­i­fy the time­line of com­mu­ni­ca­tion.

Asked if she felt like she was be­ing used as a scape­goat, Agard said that was a ques­tion for the board to an­swer.

“I have no idea to this day why the board pre­ma­ture­ly ter­mi­nat­ed my con­tract of em­ploy­ment and so, there­fore, I think the prop­er en­ti­ty to which you should ad­dress that ques­tion is the board of di­rec­tors of TSTT,” she said.

Gon­za­les had no com­ment on the mat­ter when con­tact­ed by Guardian Me­dia yes­ter­day.

Mean­while, the cur­rent act­ing TSTT CEO al­so told the JSC that tax­pay­ers paid close to a mil­lion dol­lars to da­ta pro­tec­tion com­pa­ny Cy­ber­Eye Lim­it­ed in the af­ter­math of the breach. How­ev­er, West­ern said a ran­som was not paid to those who at­tacked its sys­tem.

“The ini­tial cost was 975 thou­sand dol­lars, Trinidad and To­ba­go dol­lars. There was no ran­som paid to Ran­somExx on the ad­vice of our con­sul­tants and in keep­ing with in­dus­try guid­ance, we do not ne­go­ti­ate with ter­ror­ists or com­pa­nies that po­si­tion them­selves in this role, as it fur­ther ex­pos­es the busi­ness,” West­ern said.

Check Point Soft­ware Tech­nolo­gies was al­so hired in 2022 but TSTT of­fi­cials could not state how much was paid to the com­pa­ny for its ser­vices.

Part of the JSC ses­sion, where sen­si­tive is­sues could be dis­cussed, were al­so heard in-cam­era on TSTT’s re­quest, which the pan­el agreed to.

An in­ter­nal in­ves­ti­ga­tion in­to the breach, or­dered by Min­is­ter Gon­za­les, is ex­pect­ed in 16 weeks.

Last year, on the heels of the breach, Guardian Me­dia ob­tained scans which re­vealed that bank­ing in­for­ma­tion for cus­tomers, com­pa­nies, state en­ter­pris­es and min­istries was al­so re­leased.

TSTT se­nior man­ag­er Tanya Muller told the JSC it was on­ly “a cou­ple” of cas­es where this in­for­ma­tion, in­clud­ing cred­it card de­tails, was re­leased. She said there were 531 files in par­tic­u­lar that stored birth cer­tifi­cates, death cer­tifi­cates and cred­it card in­for­ma­tion that were ul­ti­mate­ly leaked.


Related articles

Sponsored

Weather

PORT OF SPAIN WEATHER

Sponsored