The Com­mu­ni­ca­tion Work­ers’ Union (CWU) has called for a thor­ough in­ves­ti­ga­tion in­to who caused Min­is­ter of Pub­lic Util­i­ties Mar­vin Gon­za­les to mis­in­form the Par­lia­ment on No­vem­ber 1 about the ran­somware at­tack against the Telecom­mu­ni­ca­tion Ser­vices of Trinidad and To­ba­go (TSTT).

CWU Sec­re­tary Gen­er­al Joanne Ogeer com­ment­ed on the heels of Mon­day’s 16th Meet­ing of the Joint Se­lect Com­mit­tee (JSC) on State En­ter­pris­es on the han­dling of TSTT’s cy­ber se­cu­ri­ty breach.

“It is our be­lief a fur­ther in­ves­ti­ga­tion should now take place in­to the source of the in­for­ma­tion as al­leged­ly pro­vid­ed by Mr Khamal Georges and al­leged­ly ap­proved by the GM of op­er­a­tions and ad­min­is­tra­tion. Al­so, who sub­stan­ti­at­ed the state­ment, that is to say, was it IT, be­fore the state­ment made its way to the ho­n­ourable min­is­ter?” Ogeer stat­ed.

Ogeer not­ed that while the union was sat­is­fied with the ques­tions raised at the JSC, she hoped the in­for­ma­tion pro­vid­ed dur­ing the in-cam­era ses­sion was ac­cu­rate. She fur­ther de­mand­ed that any­one found cul­pa­ble be held ac­count­able. This in­cludes the po­ten­tial for Min­is­ter Gon­za­les to be brought be­fore the Com­mit­tee of Priv­i­leges of the House of Rep­re­sen­ta­tives.

“No one is above the rule of law and to every ac­tion, there are con­se­quences for which there are au­thor­i­ta­tive bod­ies to treat with such con­se­quences,” she said.

Fol­low­ing Mon­day’s JSC, the MP for Princes Town and shad­ow min­is­ter of pub­lic util­i­ties Bar­ry Padarath is­sued a state­ment in which he vowed to bring an­oth­er mo­tion against Gon­za­les to be brought be­fore the Com­mit­tee of Priv­i­leges over the mat­ter. He brought the first mo­tion on De­cem­ber 13.

Padarath al­so de­mand­ed that Gon­za­les break his si­lence on the claims made by TSTT’s for­mer CEO Lisa Agard.

In an in­ter­view with Guardian Me­dia on Mon­day af­ter the JSC, Agard said the state­ment Gon­za­les read in Par­lia­ment was not the up­dat­ed in­for­ma­tion pro­vid­ed by the com­pa­ny. Agard claimed the min­is­ter quot­ed from a cor­re­spon­dence dat­ed Oc­to­ber 30 when he spoke in Par­lia­ment on No­vem­ber 1 even though he was pro­vid­ed with up­dat­ed in­for­ma­tion that cor­rect­ed the con­tents of the Oc­to­ber 30 cor­re­spon­dence. Agard al­so cat­e­gor­i­cal­ly de­nied mis­lead­ing the min­is­ter.

In re­sponse to these de­vel­op­ments, Padarath said the Board of TSTT and the min­is­ter have ques­tions to an­swer.

Among them, if Gon­za­les read the wrong de­tails de­spite hav­ing up­dat­ed in­for­ma­tion as stat­ed by Agard. Padarath ques­tioned if TSTT moved prompt­ly to ad­vise Gon­za­les that he need­ed to cor­rect the pub­lic record ex­pe­di­tious­ly. Ad­di­tion­al­ly, the Princes Town MP asked why Gon­za­les did not cor­rect the in­for­ma­tion in the pub­lic do­main de­spite know­ing it was in­ac­cu­rate and in­stead point­ed fin­gers at TSTT’s man­age­ment.

He went on to raise ques­tions about whether Gon­za­les was aware that TSTT’s CEO was al­leged­ly in­struct­ed by the board that they were to make no pub­lic state­ments on the cy­ber-at­tack.

Ad­di­tion­al­ly, Padarath asked if he was con­sult­ed on Agard’s fir­ing and about his re­la­tion­ship with act­ing TSTT CEO Kent West­ern who was al­leged­ly placed in­to the po­si­tion while on pro­ba­tion in an­oth­er po­si­tion at the or­gan­i­sa­tion.

Con­tact­ed for com­ment, Gon­za­les did not re­spond.

Mean­while, Agard said she would on­ly speak fur­ther on the sub­ject at a sub­se­quent JSC al­though she ad­mit­ted that she had not yet been in­vit­ed by chair An­tho­ny Vieira, SC.

Mean­while, TSTT would not re­spond to the com­ments in the pub­lic do­main. “This mat­ter is the sub­ject of an on­go­ing in­de­pen­dent in­ves­ti­ga­tion and there­fore it would be in­ap­pro­pri­ate to com­ment at this time,” TSTT said.

Time­line of breach

* The breach took place on Oc­to­ber 9, but the pub­lic was on­ly in­formed on Oc­to­ber 27 via In­dia-based tech­nol­o­gy se­cu­ri­ty com­pa­ny Fal­con Feeds. Tak­ing to its X so­cial me­dia ac­count, Fal­con Feeds said ran­somware group Ran­somExx added TSTT to its vic­tim list claim­ing to have stolen six gi­ga­bytes of da­ta.

• On Oc­to­ber 30, TSTT is­sued a state­ment which said that cus­tomers’ da­ta was not com­pro­mised dur­ing the leak.

* On No­vem­ber 1, this was re­peat­ed by Min­is­ter Gon­za­les in Par­lia­ment. He al­so told the me­dia that claims of a cy­ber-at­tack were un­true.

* How­ev­er, days lat­er, on No­vem­ber 5, Gon­za­les re­tract­ed his pre­vi­ous com­ments, con­firmed that TSTT was hit by a cy­ber-at­tack, and or­dered an in­de­pen­dent in­ves­ti­ga­tion.

* On Jan­u­ary 19, Gon­za­les apol­o­gised to the Par­lia­ment, say­ing the state­ment on No­vem­ber 1 was made in good faith and based on in­for­ma­tion pro­vid­ed by TSTT.