Asha Javeed

Lead Ed­i­tor In­ves­ti­ga­tions

asha.javeed@guardian.co.tt

Khamal Georges, TSTT’s se­nior man­ag­er-Cor­po­rate, En­vi­ron­men­tal, So­cial and Rep­u­ta­tion Man­age­ment, has re­signed from the com­pa­ny. Act­ing chief ex­ec­u­tive Kent West­ern con­firmed to Guardian Me­dia that Georges sub­mit­ted his res­ig­na­tion and was head­ing to an­oth­er “op­por­tu­ni­ty”. Georges, a for­mer News­gath­er­ing Ed­i­tor and news an­chor at CNC3 News con­firmed that he had left TSTT to take up a po­si­tion at the CAF De­vel­op­ment Bank of Latin Amer­i­ca and the Caribbean.

“I val­ue my time at TSTT and I val­ue the peo­ple I had an op­por­tu­ni­ty to work with,” he told Guardian Me­dia yes­ter­day.

He is the third high-pro­file ex­it from the com­pa­ny, fol­low­ing a da­ta breach at the tele­coms com­pa­ny in Oc­to­ber 2023. For­mer chief ex­ec­u­tive Lisa Agard was fired by the Sean Roach-led board last No­vem­ber, while for­mer chief fi­nan­cial of­fi­cer Shi­va Ram­nar­ine was fired two months lat­er.

“TSTT made a de­ci­sion to ter­mi­nate my em­ploy­ment for no rea­son. It’s a clause that I specif­i­cal­ly re­quest­ed be put in­to my con­tract and that is to en­sure that in the case of hos­til­i­ty, an­i­mos­i­ty, or any oth­er types of is­sues that may arise, we can both part ways am­i­ca­bly,” Ram­nar­ine told a Joint Se­lect Com­mit­tee on Feb­ru­ary 19.

When asked whether his de­par­ture was linked to the mal­ware in­cur­sion, he an­swered, “I would say that there was a great deal of dis­in­for­ma­tion put out there about my not ap­prov­ing spend­ing, which has been re­fut­ed, which has been rub­bished. It has been pub­li­cised prop­er­ly de­spite the at­tempts of the net­work and IT team and oth­ers for that dis­in­for­ma­tion to cloud the in­com­pe­tence that was at play. So I would say, at this point, in hind­sight, I would say that played a sig­nif­i­cant role, but be­cause it’s a ter­mi­na­tion for no rea­son and they ef­fect­ed that clause, I can­not say specif­i­cal­ly what that would be. I would say that in the past year and a half, and I would ven­ture out there, there has been a sig­nif­i­cant amount of hos­til­i­ty and an­i­mos­i­ty di­rect­ed to­wards my­self.”

Fol­low­ing Georges’ ap­point­ment at TSTT, the Com­mu­ni­ca­tion Work­ers Union (CWU) voiced ob­jec­tions about his ap­point­ment and salary pack­age, and fol­low­ing the da­ta breach, the CWU called for the re­moval of Agard, Ram­nar­ine, and Georges.

Af­ter Agard was fired, TSTT ap­point­ed West­ern to the post of act­ing chief ex­ec­u­tive, ef­fec­tive im­me­di­ate­ly. The in­ves­ti­ga­tion is still on­go­ing.

Fol­low­ing the breach, the com­pa­ny’s line min­is­ter, Mar­vin Gon­za­les, or­dered an in­de­pen­dent in­ves­ti­ga­tion, which Guardian Me­dia un­der­stands is still on­go­ing.

Last week, Op­po­si­tion MP Bar­ry Padarath ques­tioned why the in­ves­ti­ga­tion was tak­ing so long. He re­called that on dif­fer­ent oc­ca­sions, Gon­za­les iden­ti­fied March, April, and May as pos­si­ble times when a re­port on the cy­ber­at­tack should be ready. “We are at the end of May 2024, and the Gov­ern­ment re­mains mum on the is­sue of the re­port,” he said.

For his part, Padarath said he has sent free­dom of in­for­ma­tion (FOI) re­quests to TSTT for the min­utes of board meet­ings about what hap­pened dur­ing and af­ter the in­ci­dent, but TSTT has re­fused to pro­vide the in­for­ma­tion. “We have tak­en a de­ci­sion that should we not get those board min­utes com­ing out of TSTT through the FOI, we are go­ing to go to the courts,” Padarath said.

Gon­za­les had said the Gov­ern­ment man­dat­ed TSTT’s Board to do a thor­ough and in­de­pen­dent in­ves­ti­ga­tion, and the board had tak­en steps to­wards fa­cil­i­tat­ing the start of the probe. Gon­za­les had said, “Ad­di­tion­al­ly, TSTT is still in the process of eval­u­at­ing all as­pects of the at­tack, in­clud­ing the val­i­da­tion of all re­port­ed in­for­ma­tion in the pub­lic do­main, that is, the per­son­al da­ta of all our cit­i­zens, in­clu­sive of mem­bers of the Cab­i­net and par­lia­men­tar­i­ans.”

Guardian Me­dia has re­port­ed that the names of the coun­try’s top of­fi­cials, Prime Min­is­ter Dr Kei­th Row­ley, Pres­i­dent Chris­tine Kan­ga­loo, Chief Jus­tice Ivor Archie, Fi­nance Min­is­ter Colm Im­bert, Na­tion­al Se­cu­ri­ty Min­is­ter Fitzger­ald Hinds, Po­lice Com­mis­sion­er Er­la Hare­wood-Christo­pher, and Pub­lic Util­i­ties Min­is­ter Mar­vin Gon­za­les, are all in­clud­ed in a list of peo­ple found in doc­u­ments down­loaded from the dark web from TSTT’s da­ta breach. And de­spite de­nial by TSTT, Guardian Me­dia ob­tained scans with cred­it card in­for­ma­tion, as well as bank ac­count num­bers, in­clud­ed in the 6GB da­ta bun­dle.

Al­so in­clud­ed among the scans were bank­ing in­for­ma­tion for cus­tomers, com­pa­nies, state en­ter­pris­es, and min­istries, as well as cred­it card num­bers in trans­ac­tion re­ceipts. There were al­so for­eign ID cards and doc­u­ments in the dump. The list con­tains 1.2 mil­lion en­tries.

There are hun­dreds of thou­sands of names on the list that has been post­ed on­line fol­low­ing the da­ta breach at the telecom­mu­ni­ca­tions com­pa­ny.

CWU cel­e­brates

In a press state­ment yes­ter­day, the CWU said that Georges’ time­ly res­ig­na­tion comes a bit ear­li­er than ex­pect­ed.

The union said the in­ves­ti­ga­tion re­port in­to the da­ta breach will soon shed light on the “al­leged state­ment which was pre­pared by Khamal Georges as stat­ed by the for­mer chief ex­ec­u­tive, Lisa Agard, which the min­is­ter re­lied on and mis­led the Par­lia­ment.”

The union said that since June 14, 2022, they have raised con­cerns about Georges’ ap­point­ment, as they be­lieved the post was cre­at­ed for him be­cause it was not ad­ver­tised.

The CWU added, “He has not added any val­ue to the or­gan­i­sa­tion from hire to res­ig­na­tion. It is al­so un­der­stood that he is set to join CAF. The union wish­es him well and trusts in this po­si­tion he will be “FIT FOR PUR­POSE.” 

The cy­ber breach

The cy­ber breach on TSTT oc­curred on Oc­to­ber 9 at 4.18 pm but was on­ly made pub­lic on Oc­to­ber 27 af­ter Fal­con Feeds, an In­dia-based tech­nol­o­gy se­cu­ri­ty com­pa­ny, re­port­ed on its X so­cial me­dia ac­count that ran­somware group Ran­somExx added TSTT (http://tstt.co.tt) to its vic­tim list. It claimed to have ac­cess to 6GB of or­gan­i­sa­tion da­ta.

On Oc­to­ber 28, TSTT said in a state­ment that there was no com­pro­mise of cus­tomer da­ta but added that it had not cor­rob­o­rat­ed in­for­ma­tion in the pub­lic do­main pur­port­ed to be cus­tomer in­for­ma­tion.

How­ev­er, af­ter cy­ber­se­cu­ri­ty ex­perts went dig­ging in­to the da­ta and made their dis­cov­er­ies pub­lic, the com­pa­ny is­sued an­oth­er state­ment.

On No­vem­ber 3, TSTT ad­mit­ted that 6GB, or less than one per cent of the petabytes of the com­pa­ny’s da­ta, was ac­cessed but that the ma­jor­i­ty of its cus­tomers’ da­ta was not ac­quired and no pass­words were com­pro­mised.