The Telecommunications Services of T&T (TSTT) was the target of a malware “incursion” on March 13, when TSTT’s systems detected a security attack directed at a number of the company’s internal-only solutions/applications.
This was revealed by Public Utilities Minister Marvin Gonzales in Parliament yesterday.
Gonzales gave the information in reply to United National Congress MP Rudy Indarsingh’s query on why TSTT’s web portal, which facilitates online bill payment, was non-functional from March 14-29.
Gonzales said after the issue was detected, as a precautionary measure, all possibly impacted systems were isolated, including TSTT’s online payment application from its website, stored within the private cloud environment.
“Consequently, TSTT was unable to process payment transactions from the 13th to 28th March 2022, via this platform. However, during this specific period, TSTT informed its customers that they were still able to make payments via bank transfer, SurePay, Western Union, NLCB—VIA and the My Bmobile application,” he said.
Gonzales said he didn’t have the cost of the malware incursion on hand yesterday. On assurances that it won’t recur, Gonzales said, TSTT’s team did a series of immediate environmental protection steps as follows:
• The software master records of the infected machines were destroyed, completely removing these systems from TSTT’s environment.
• The cloud host servers were rebuilt following the manufacturer’s best practice to secure enhanced security features and reduce risk.
“There are a number of other interventions made in the security systems of TSTT and I’m pleased to advise the citizens and particularly TSTT customers, that the company has done sufficiently to address this concern and to prevent a possible occurrence of the incident,” Gonzales said.
Indarsingh asked if the malware incursion was internal or external.
Gonzales said, “A malware incursion is quite normal in that environment. What is important is that it is detected early, it is isolated to prevent any deterrents or any negative impact on customers.
“This is something that is continuous and has to be monitored and therefore, the company is constantly monitoring its systems to prevent these occurrences. But these things happen from time to time on any infrastructure of this nature.”
Several companies have been hit by cyberattacks in recent weeks. Only last week, Massy Stores was also forced to shut down its payment system after a cyberattack.
Meanwhile, Education Minister Dr Nyan Gadsby-Dolly, responding on outstanding debt owed to school transport operators, said the Ministry of Education collaborates with the Public Transport Service Commission (PTSC) for the provision of transportation to students.
“The Ministry continues to process invoices sent by the PTSC, make payments and resolve any queries that have arisen. This process is ongoing,” Gadsby-Dolly said.