The names of the country’s President Christine Kangaloo, Chief Justice Ivor Archie, Finance Minister Colm Imbert, National Security Minister Fitzgerald Hinds, Commissioner of Police Erla Harewood-Christopher and Public Utilities Minister Marvin Gonzales are all included on a list of customers whose personal information was leaked during a data breach at TSTT.
Other Government ministers including Tourism, Culture and the Arts Minister Randall Mitchell, Minister of Digital Transformation Hassel Bacchus, Labour Minister Stephen Mc Clashie, Minister of Sport and Community Development Shamfa Cudjoe, Social Development Minister Donna Cox, Minister of Trade Paula Gopee-Scoon, Minister of Works and Transport Rohan Sinanan also had their information leaked.
The names of TSTT’s present chief executive officer, Lisa Agard and its former chief executive Ronald Walcott are also on the list.
The list contains 1.2 million entries.
In some instances, there are multiple entries. For Minister Imbert, there are three entries and one listed as office. For Sinanan, there are three entries and two are listed as Rohan Sinanan Company Limited.
In others, there is only one.
Yesterday, Guardian Media reported that Prime Minister Dr Keith Rowley was also included in the list. The Excel document also had his birth date and a PO box address for him as Prime Minister.
It was downloaded from the dark web, which hosts 6 GB of data which originated from TSTT.
The data bundle includes scans, a list of names and credentials.
There are hundreds of thousands of names on the list which has been posted online following the data breach at the telecommunications company.
As of yesterday, the data has been downloaded over 15,796 times.
The data has names, home addresses, email addresses, cell phone numbers, birth certificates, passport numbers, identification cards, receipts, internal emails as well as credentials.
The company’s Line Minister, Gonzales has ordered an independent investigation into the data breach.
The minister said the gravity of the situation warrants a thorough and full-scale investigation to ascertain the facts and circumstances that caused the breach, TSTT’s communications regarding the matter, and the actions the organisation is (and has been) taking to reduce the possibility of future cyber incursions. TSTT declined to comment on the matter yesterday. The Guardian was unable to get any public official to comment.
Digicel’s 2021 breach
wasn’t in T&T
As the data breach unfolds for TSTT, Digicel’s chief executive Abraham Smith sought to clear the air on a 2021 cyber attack on the company.
Yesterday, information began to circulate about the breach. But Smith said it was Digicel Jamaica and not Digicel Trinidad which was affected. He said the incident was not recent.
“Digicel is aware of a recent social media post regarding a data breach that took place in 2021. I want to assure the community that Digicel Trinidad and Tobago was not affected and to date has no known data breaches from the mentioned threat actor,” he said.
“No organisation is immune to cyberattacks, and while Digicel withstands thousands of attempted attacks daily, the vast majority of these are unsuccessful as our systems are proven to be robust and world-class. However, attacks like these are on the rise globally, and cyber criminals like RansomExx constantly try to find new ways of attacking and exploiting systems.
He said that Digicel has taken a proactive approach in its threat protection and mitigation management, and while attacks cannot be wholly prevented if a breach does occur, Smith promised full transparency in informing the relevant parties and providing guidance on steps to take to help safeguard personal data.
