The Communication Workers’ Union (CWU) has called for a thorough investigation into who caused Minister of Public Utilities Marvin Gonzales to misinform the Parliament on November 1 about the ransomware attack against the Telecommunication Services of Trinidad and Tobago (TSTT).
CWU Secretary General Joanne Ogeer commented on the heels of Monday’s 16th Meeting of the Joint Select Committee (JSC) on State Enterprises on the handling of TSTT’s cyber security breach.
“It is our belief a further investigation should now take place into the source of the information as allegedly provided by Mr Khamal Georges and allegedly approved by the GM of operations and administration. Also, who substantiated the statement, that is to say, was it IT, before the statement made its way to the honourable minister?” Ogeer stated.
Ogeer noted that while the union was satisfied with the questions raised at the JSC, she hoped the information provided during the in-camera session was accurate. She further demanded that anyone found culpable be held accountable. This includes the potential for Minister Gonzales to be brought before the Committee of Privileges of the House of Representatives.
“No one is above the rule of law and to every action, there are consequences for which there are authoritative bodies to treat with such consequences,” she said.
Following Monday’s JSC, the MP for Princes Town and shadow minister of public utilities Barry Padarath issued a statement in which he vowed to bring another motion against Gonzales to be brought before the Committee of Privileges over the matter. He brought the first motion on December 13.
Padarath also demanded that Gonzales break his silence on the claims made by TSTT’s former CEO Lisa Agard.
In an interview with Guardian Media on Monday after the JSC, Agard said the statement Gonzales read in Parliament was not the updated information provided by the company. Agard claimed the minister quoted from a correspondence dated October 30 when he spoke in Parliament on November 1 even though he was provided with updated information that corrected the contents of the October 30 correspondence. Agard also categorically denied misleading the minister.
In response to these developments, Padarath said the Board of TSTT and the minister have questions to answer.
Among them, if Gonzales read the wrong details despite having updated information as stated by Agard. Padarath questioned if TSTT moved promptly to advise Gonzales that he needed to correct the public record expeditiously. Additionally, the Princes Town MP asked why Gonzales did not correct the information in the public domain despite knowing it was inaccurate and instead pointed fingers at TSTT’s management.
He went on to raise questions about whether Gonzales was aware that TSTT’s CEO was allegedly instructed by the board that they were to make no public statements on the cyber-attack.
Additionally, Padarath asked if he was consulted on Agard’s firing and about his relationship with acting TSTT CEO Kent Western who was allegedly placed into the position while on probation in another position at the organisation.
Contacted for comment, Gonzales did not respond.
Meanwhile, Agard said she would only speak further on the subject at a subsequent JSC although she admitted that she had not yet been invited by chair Anthony Vieira, SC.
Meanwhile, TSTT would not respond to the comments in the public domain. “This matter is the subject of an ongoing independent investigation and therefore it would be inappropriate to comment at this time,” TSTT said.
Timeline of breach
* The breach took place on October 9, but the public was only informed on October 27 via India-based technology security company Falcon Feeds. Taking to its X social media account, Falcon Feeds said ransomware group RansomExx added TSTT to its victim list claiming to have stolen six gigabytes of data.
• On October 30, TSTT issued a statement which said that customers’ data was not compromised during the leak.
* On November 1, this was repeated by Minister Gonzales in Parliament. He also told the media that claims of a cyber-attack were untrue.
* However, days later, on November 5, Gonzales retracted his previous comments, confirmed that TSTT was hit by a cyber-attack, and ordered an independent investigation.
* On January 19, Gonzales apologised to the Parliament, saying the statement on November 1 was made in good faith and based on information provided by TSTT.