KEVON FELMINE

Se­nior Re­porterkevon.felmine@guardian.co.tt

The Telecom­mu­ni­ca­tions Ser­vices (TSTT) says there was no loss, ma­nip­u­la­tion or com­pro­mise of cus­tomer da­ta from its data­bas­es, de­spite re­ports that it sus­tained a cy­ber at­tack this month.

In a state­ment yes­ter­day, the telecom­mu­ni­ca­tions ser­vice provider said it had not cor­rob­o­rat­ed da­ta cur­rent­ly in the pub­lic do­main pur­port­ed to be cus­tomer in­for­ma­tion. It not­ed that var­i­ous TSTT plat­forms gen­er­ate ter­abytes of da­ta but as­sured cus­tomers that its cy­ber se­cu­ri­ty process­es op­er­at­ed op­ti­mal­ly and re­strict­ed cy­ber crim­i­nals’ ma­li­cious plans.

Fal­con Feeds, an In­dia-based tech­nol­o­gy se­cu­ri­ty com­pa­ny, re­port­ed on its X so­cial me­dia ac­count that Ran­somExx, a ran­somware group, added TSTT (http://tstt.co.tt) to its vic­tim list. It claimed to have ac­cess to 6GB of or­gan­i­sa­tion da­ta.

One web­site de­scribed Ran­sonExx as a no­to­ri­ous ran­somware group that has car­ried out cy­ber­at­tacks glob­al­ly since 2018. It rose to promi­nence in 2020 af­ter it at­tacked high-pro­file or­gan­i­sa­tions.

Ran­somware is a cy­ber­at­tack that blocks users from ac­cess­ing their files. The cy­ber at­tack­ers en­crypt the files and de­mand a ran­som from the site own­er to re­gain ac­cess to their files.

TSTT con­firmed that cy­ber crim­i­nals at­tempt­ed to gain unau­tho­rised ac­cess to its sys­tems on Oc­to­ber 9. It said cy­ber threats like this are a con­tin­u­ous fea­ture of mod­ern dig­i­tal op­er­at­ing sys­tems, and telecom­mu­ni­ca­tions in­fra­struc­ture was no ex­cep­tion. TSTT said it con­tin­u­ous­ly in­vest­ed mil­lions of dol­lars in its process­es and in­for­ma­tion tech­nol­o­gy (IT) in­fra­struc­ture to pro­tect its sys­tems and the da­ta it pro­duces and stores.

“At the on­set of the threat, TSTT’s in­ci­dent re­sponse process­es were swift­ly ac­ti­vat­ed. The com­pa­ny took im­me­di­ate steps to min­imise the se­cu­ri­ty vul­ner­a­bil­i­ty, suc­cess­ful­ly iso­lat­ing its sys­tems and ap­pli­ca­tions. These ap­pli­ca­tions were sub­se­quent­ly quar­an­tined, re­built and put back in­to pro­duc­tion as part of clear­ly de­fined poli­cies and pro­ce­dures,” the re­lease stat­ed.

The com­pa­ny said it al­so en­list­ed in­ter­na­tion­al­ly recog­nised cy­ber­se­cu­ri­ty ex­perts and part­ners to in­ves­ti­gate the at­tempt­ed breach and ad­vise on im­ple­ment­ing ad­di­tion­al se­cu­ri­ty mea­sures and pro­to­cols. TSTT said it al­ready im­ple­ment­ed some rec­om­men­da­tions.

“TSTT strong­ly con­demns the ac­tions of these ter­ror­ists in un­law­ful­ly at­tempt­ing to gain ac­cess to its cus­tomers’ in­for­ma­tion. The com­pa­ny will con­tin­ue to in­vest in hard­en­ing its IT en­vi­ron­ments un­der the guid­ance of in­ter­na­tion­al cy­ber ex­perts to en­sure the se­cu­ri­ty of cus­tomer in­for­ma­tion.”

Al­though TSTT de­nied that Ran­somExx got in­to its data­bas­es, the Com­mu­ni­ca­tion Work­ers Union (CWU) is call­ing for the fir­ing of CEO Lisa Agard and Chief Fi­nan­cial Of­fi­cer Shi­va Ram­nar­ine.

Gen­er­al Sec­re­tary Clyde El­der said the union’s in­for­ma­tion was that the hack was a di­rect re­sult of TSTT’s will­ful and de­lib­er­ate neg­li­gence. El­der said the com­pa­ny re­peat­ed­ly re­fused to spend mon­ey on cy­ber­se­cu­ri­ty, claim­ing it was too cost­ly.

“To­day, we re­new our call for the im­me­di­ate dis­missal of both Shi­va Ram­nar­ine and Lisa Agard as they have com­pro­mised not on­ly the in­ter­est and rev­enue-earn­ing ca­pac­i­ty of TSTT, but they have com­pro­mised the pri­va­cy and con­fi­den­tial­i­ty of the cus­tomers of TSTT and the cit­i­zens of Trinidad and To­ba­go,” El­der said.