PE­TER CHRISTO­PHER

pe­ter.christo­pher@guardian.co.tt

Thou­sands of peo­ple pos­si­bly hop­ing yes­ter­day to beat the month-end and long-week­end crowds at Massy Stores were left frus­trat­ed, as the pop­u­lar gro­cery chain was forced to close all of its branch­es due to a cy­ber­se­cu­ri­ty at­tack.

Cus­tomers were turned away as the Massy staff re­alised the check­out sys­tem was not func­tion­ing and sales at the com­pa­ny’s 23 branch­es na­tion­wide could not be com­plet­ed.

Even cus­tomers who sought to pay bills through Sure­pay and Mon­ey­gram wire mon­ey trans­fer ser­vices were turned away.

The on­ly busi­ness con­duct­ed at Massy Stores lo­ca­tions was the sale of its pre­pared lunch­es, which were sold in cash-on­ly trans­ac­tions.

The com­pa­ny con­firmed in a state­ment sent to both me­dia and post­ed to so­cial me­dia plat­forms that typ­i­cal sales could not hap­pen at any of their stores due to a tech­ni­cal is­sue.

Massy said, “These chal­lenges im­pact our cus­tomer shop­ping ex­pe­ri­ence as items can­not be pur­chased from our store lo­ca­tions or phar­ma­cies at this time.”

Lat­er in the day, an­oth­er re­lease con­firmed a cy­ber at­tack led to the tech­ni­cal dif­fi­cul­ties ex­pe­ri­enced at all stores across the coun­try.

In the state­ment, Massy said it took “im­me­di­ate ac­tion, sus­pend­ing all cus­tomer-fac­ing sys­tems, and has been work­ing with third-par­ty ex­perts to re­solve the sit­u­a­tion. Back­up servers were not af­fect­ed and the tech­ni­cal team is ac­tive­ly work­ing with the ex­pert teams to re­store the sys­tem safe­ly and in the short­est time pos­si­ble.”

This ad­mis­sion of a cy­ber at­tack comes less than a week af­ter Aero­post con­firmed the cred­it card in­for­ma­tion of sev­er­al cus­tomers was com­pro­mised af­ter many clients were alert­ed to un­usu­al ac­tiv­i­ty on their cred­it card ac­counts. Aero­post con­firmed the breach last week­end and ad­vised cus­tomers to con­tact their banks.

Massy, how­ev­er, be­lieved cus­tomer in­for­ma­tion had not been im­pact­ed by the at­tack.

Massy said, “The com­pa­ny is not aware of any ev­i­dence at this time that any cus­tomer, sup­pli­er or em­ploy­ee da­ta has been com­pro­mised or mis­used as a re­sult of the sit­u­a­tion.”

Yes­ter­day, Dr Ronald Wal­cott, man­ag­ing di­rec­tor of Pre­ci­sion Cy­bertech­nolo­gies and Dig­i­tal So­lu­tions, a cy­ber se­cu­ri­ty firm, said the at­tack ap­peared to be a de­nial of ser­vice rather than an at­tempt to steal per­son­al in­for­ma­tion.

“I would not like to spec­u­late on what tran­spired, I don’t have the in­for­ma­tion. Giv­en what I have seen and from my un­der­stand­ing of what tran­spired, it seemed to be more of a de­nial of ser­vice at­tack. What you call a DOS at­tack and that does not usu­al­ly lend it­self to the ex­trac­tion of per­son­al in­for­ma­tion. So I would not au­to­mat­i­cal­ly think so, but I don’t have enough in­for­ma­tion to be able to com­ment on that,” he said.

Staff at Massy Stores Westmoorings wait outside the supermarket during its closure because of a cyber attack yesterday, even as customers approach the store to do business.

NICOLE DRAYTON

How­ev­er, he not­ed that cy­ber-at­tacks had been on the rise in the re­gion.

“What’s hap­pen­ing now here in Trinidad and To­ba­go is hap­pen­ing glob­al­ly. When we look at some of the ac­tiv­i­ty we’ve been see­ing in the last cou­ple of months, we’ve seen a sig­nif­i­cant in­crease in cy­ber ac­tiv­i­ties in Latin Amer­i­ca and the Caribbean. It’s hard to pin­point ex­act­ly where it is com­ing from. But it’s hap­pen­ing and it’s go­ing to on­ly in­crease and get more sig­nif­i­cant,” he warned.

He said the Gov­ern­ment would have to look at ad­di­tion­al laws with re­gard to cy­ber­crime but al­so stressed that com­pa­nies would have to in­crease vig­i­lance con­cern­ing these at­tacks.

“I would ex­pect it’s on­ly a mat­ter of time be­fore our Gov­ern­ment looks in­to those pri­va­cy laws. When it comes to cy­ber­crime, cy­ber ac­tiv­i­ties, there is what we call the CIA tri­ad that deals with con­fi­den­tial­i­ty, in­tegri­ty and avail­abil­i­ty. One of the key as­pects of con­fi­den­tial in­for­ma­tion is the fact that per­son­al in­for­ma­tion and per­son­al iden­ti­ty should be pro­tect­ed. So that is al­ways go­ing to be of con­cern to cus­tomers.”

He added, “We have been try­ing to ed­u­cate peo­ple just for them to be aware. You need to be aware and be ed­u­cat­ed. Par­tic­u­lar­ly em­ploy­ees of or­gan­i­sa­tions, com­pa­nies need to relook at the risk that they are tak­ing, which means that they should look at their cy­ber se­cu­ri­ty ex­po­sure. “Be­cause you need to se­cure your net­works, you need to en­sure that all of your crit­i­cal da­ta is en­crypt­ed and that you have it backed up and stored. And that you are al­ways vig­i­lant. So a num­ber of or­gan­i­sa­tions would have de­ployed var­i­ous tools, an­tivirus, fire­walls, and so on but they need to do a hard look at that right now to en­sure they have the best pro­tec­tion in place.”

Massy said it would work to rec­ti­fy the sit­u­a­tion to al­low stores to open to­day.