Asha Javeed

Lead Ed­i­tor In­ves­ti­ga­tions

asha.javeed@guardian.co.tt

Pub­lic Util­i­ties Min­is­ter Mar­vin Gon­za­les has di­rect­ed the chair­man of the Telecom­mu­ni­ca­tions Au­thor­i­ty of T&T (TSTT) to hire some­one in­de­pen­dent to in­ves­ti­gate the da­ta breach at the com­pa­ny.

Sources told the Sun­day Guardian this was be­ing done as there were se­ri­ous con­cerns about the man­age­ment of the or­gan­i­sa­tion.

“We can no longer trust the man­age­ment,” one source told the Sun­day Guardian.

Gon­za­les said the mat­ter will be made pub­lic when the in­ves­ti­ga­tion is com­plete.

“I have grave con­cerns,” he said.

He ex­plained that he re­lied on in­for­ma­tion pro­vid­ed by TSTT when he told Par­lia­ment last week that cus­tomers’ da­ta were not breached by their cy­ber­at­tack.

“Based on the se­cu­ri­ty pro­to­cols that were trig­gered when the in­cur­sion was de­tect­ed, TSTT’s da­ta and the da­ta of its cus­tomers were not in any way com­pro­mised,” the min­is­ter told Par­lia­ment.

Yes­ter­day, he said TSTT down­played the mat­ter to him.

“At that point, when I is­sued the state­ment, that was what was told to me. I had no choice but to ac­cept what the board and man­age­ment told me,” he said.

He ex­plained that as the mat­ter un­fold­ed in the pub­lic do­main and ex­perts were weigh­ing in on the sub­ject mat­ter, he called chair­man Sean Roach for a de­tailed re­port.

“I sent him back to the com­pa­ny’s man­age­ment to get a bet­ter pic­ture of what was un­fold­ing and they then ad­mit­ted there was a breach. So they is­sued an­oth­er state­ment,” he said.

On Oc­to­ber 9, TSTT suf­fered a da­ta breach.

Last week the com­pa­ny said there was no com­pro­mise of cus­tomer da­ta but added that it had not cor­rob­o­rat­ed in­for­ma­tion in the pub­lic do­main pur­port­ed to be cus­tomer in­for­ma­tion.

On Fri­day, the com­pa­ny is­sued an­oth­er state­ment that ad­mit­ted that 6GB, or less than one per cent of the petabytes of the com­pa­ny’s da­ta, was ac­cessed but that the ma­jor­i­ty of its cus­tomers’ da­ta was not ac­quired and no pass­words were com­pro­mised.

TSTT said it was de­ter­mined that some of the da­ta had been ac­cessed from a lega­cy sys­tem, which is no longer utilised but con­tains da­ta that is, in many in­stances, no longer valid.

The Com­mu­ni­ca­tions Work­ers’ Union sec­re­tary gen­er­al Clyde El­der has al­so ac­cused the com­pa­ny of not be­ing truth­ful from the on­set and in­stead was “danc­ing around the pub­lic”.

“Sev­er­al tech-savvy per­sons went and found the da­ta and re­alised that TSTT has been ly­ing to the pub­lic and TSTT is now forced to is­sue an­oth­er re­lease try­ing to down­play what the pub­lic al­ready knows. So, cus­tomers’ IDs, home ad­dress­es, and fi­nan­cial in­for­ma­tion are out there. This could have been avoid­ed,” he had said.

Mean­while, the Telecom­mu­ni­ca­tions Au­thor­i­ty of T&T (TATT) said it was “dis­turbed” by the da­ta breach­es at TSTT.

TATT, the reg­u­la­to­ry body for the telecom­mu­ni­ca­tions sec­tor in the coun­try, said it was mind­ful of the po­ten­tial ad­verse im­pli­ca­tions this mat­ter may have on con­sumer con­fi­den­tial­i­ty.

Gon­za­les said the mat­ter was a high­ly tech­ni­cal one and al­so asked the com­pa­ny to sub­mit a re­port to him.

In March 2022, there was a mal­ware in­cur­sion at TSTT, but at that time, Gon­za­les had said no one’s da­ta was com­pro­mised.