The Telecommunications Services of Trinidad and Tobago (TSTT) board yesterday fired CEO Lisa Agard in the wake of the recent cyberattack on the state-owned company.
Guardian Media understands the board took the decision yesterday after receiving advice from senior counsel. The board subsequently communicated to Agard that it had lost confidence in her based on how the company responded to and handled the October 9 cyberattack.
Contacted on the decision, TSTT chairman Sean Roach said, “It is not our policy to discuss any matter involving company personnel publicly. I can, however, say that the former CEO’s departure was in accordance with the terms and conditions of her contract. As chairman of the board of TSTT, I would like to wish her well in all her future endeavours.”
In a statement yesterday, the TSTT board announced the appointment of Kent Western as CEO effective immediately. Prior to his appointment, Western was TSTT’s general manager, Customer Experience and Marketing.
The cyber breach on TSTT was only made public on October 27, after Falcon Feeds, an India-based technology security company, reported on its X social media account that ransomware group, RansomExx, had added TSTT (http://tstt.co.tt) to its victim list. It claimed to have access to 6GB of organisation data.
Agard, an attorney with over 23 years’ experience in the telecommunications industry, was appointed TSTT CEO on May 24, 2021. At the time of her appointment, the company noted she was the first woman to be confirmed in the leadership role of the only national communications solution provider. Agard had been TSTT’s acting CEO since September 23, 2020.
Among her career hats, Agard was Amplia Communications Limited general manager and a former Guardian Media managing director.
Union feels vindicated
Meanwhile, Communications Workers’ Union secretary general Clyde Elder yesterday said the union felt vindicated by the board’s action, noting it was a step in the right direction.
“We have been calling for this,” he said.
However, he said Agard was not solely responsible for the response to the data leak and called for the removal of Chief Financial Officer Shiva Ramnarine as well.
“He did not pay for proper cyber security services for the company, which would have minimised the impact and protected customers,” Elder claimed.
Public Utilities Minister Marvin Gonzales has ordered an independent investigation into the data breach. He said the gravity of the situation warrants a thorough and full-scale investigation to ascertain the facts and circumstances that caused the breach, TSTT’s communications regarding the matter, and the actions the organisation is (and has been) taking to reduce the possibility of future cyber incursions.
He said TSTT has to make public the facts and findings, insofar as the details do not compromise customer confidentiality or further put at risk the integrity of its data or digital infrastructure.
Guardian Media understands TSTT has not yet appointed an investigator to the matter.
“It will unfold in two elements - the internal issues and the security component,” a source explained about the investigation.
How cyber breach unfolded
On October 28, TSTT said in a statement that there was no compromise of customer data, but said it had not corroborated information in the public domain purported to be customer information.
After cybersecurity experts went digging into the data and made their discoveries public, the company issued another statement on November 3, admitting that 6GB, or less than one per cent of the petabytes of the company’s data, was accessed. However, it said the majority of its customers’ data was not acquired and no passwords were compromised.
Last week, at a virtual investor call presentation, Agard apologised to the company’s customers and expressed regret for the way it handled its communication following the cyberattack.
“In our haste to address the cyber problem there were some things that we could have done better. We were so busily focused on identifying the problem, containing it and restoring full capability to serve our customers that we neglected perhaps to communicate effectively with them,” she said.
“The information currently in the public domain is largely personal identifiable information which experts have advised us does not pose an elevated risk of fraudulent activity to customers. We have, of course, advised our customers to be extremely vigilant and on the alert for any suspicious activity.”
Agard said TSTT has identified two possible hypotheses for the path the threat actors took, but the company was awaiting the completion of an investigation by international cybersecurity expert, CheckPoint. She said TSTT also engaged the services of a local independent cybersecurity company, CyberEye, which is affiliated to Crossword Cybersecurity Plc in the United Kingdom, to do a root cause and log analysis, secure re-enablement, assess the effectiveness of TSTT’s current cybersecurity controls for protecting its information asset against cyber threats and, finally, threat monitoring and detection.
Guardian Media has reported that the names of the country’s top officials, Prime Minster Dr Keith Rowley, President Christine Kangaloo, Chief Justice Ivor Archie, Finance Minister Colm Imbert, National Security Minister Fitzgerald Hinds, Police Commissioner Erla Harewood-Christopher and Public Utilities Minister Gonzales are all included in a list of people found in documents dumped on the dark web from TSTT’s data breach.
And despite denial by TSTT, Guardian Media obtained scans with credit card information, as well as bank account numbers, included in the 6GB data dump. Also included among the scans were banking information for customers, companies, state enterprises and ministries.
The list contains 1.2 million entries.
