AN­THO­NY WIL­SON

and DA­REECE PO­LO

Telecom­mu­ni­ca­tions Ser­vices of Trinidad and To­ba­go CEO Lisa Agard has apol­o­gised over the da­ta breach that has com­pro­mised the in­for­ma­tion of hun­dreds of thou­sands of cus­tomers.

Agard broke her si­lence on the is­sue, which Prime Min­is­ter Dr Kei­th Row­ley called a “se­cu­ri­ty threat”, at a vir­tu­al brief­ing with the com­pa­ny’s bond­hold­ers and an­a­lysts yes­ter­day.

Agard apol­o­gised to the more than a mil­lion cus­tomers of the ma­jor­i­ty state-owned telecom­mu­ni­ca­tions provider, whose da­ta was stolen by cy­ber­crim­i­nals in last month’s breach of its data­bas­es.

Re­spond­ing to ques­tions on the mat­ter, Agard ad­mit­ted that TSTT could have done bet­ter in com­mu­ni­cat­ing the cy­ber­breach to its stake­hold­ers.

“We were so busi­ly fo­cused on iden­ti­fy­ing the prob­lem, con­tain­ing it and restor­ing full ca­pa­bil­i­ty to serve our cus­tomers that we ne­glect­ed, per­haps, to com­mu­ni­cate ef­fec­tive­ly with them,” Agard said.

“This was not done with mal­ice, but rather from a place of en­sur­ing that the most ac­cu­rate in­for­ma­tion was com­mu­ni­cat­ed at the time it be­came known,” she added.

Agard said ini­tial­ly, most of the cus­tomer com­plaints sur­round­ed con­nec­tiv­i­ty, the in­abil­i­ty to pay bills on­line and the man­age­ment of queries. The telecom­mu­ni­ca­tions ex­ec­u­tive said the com­pa­ny fo­cused on ad­dress­ing these is­sues, with its teams work­ing around the clock to get cus­tomers se­cure­ly back on­line.

“In hind­sight, we should have al­so en­sured that we kept our val­ued cus­tomers bet­ter in­formed and ed­u­cat­ed about this sit­u­a­tion,” she said.

Giv­ing a time­line of TSTT’s re­sponse, Agard said as soon as the da­ta breach was pub­li­cised on Oc­to­ber 28, the com­pa­ny launched an in­ves­ti­ga­tion to ver­i­fy the claims and cor­rob­o­rate the in­for­ma­tion that was in the pub­lic.

“Check­ing the da­ta against TSTT’s many data­bas­es was an ex­ten­sive process and this guid­ed us in terms of the in­for­ma­tion that we com­mu­ni­cat­ed to the pub­lic and to our oth­er stake­hold­ers,” the TSTT CEO said.

Ad­di­tion­al­ly, Agard iden­ti­fied the in­ter­na­tion­al com­pa­ny that was hired by TSTT to de­ter­mine the method used by the hack­ers.

“At this time, we have iden­ti­fied two pos­si­ble hy­pothe­ses with re­spect to the path that the threat ac­tors took but we are await­ing the com­ple­tion of the in­ves­ti­ga­tion by our in­ter­na­tion­al cy­ber­se­cu­ri­ty ex­pert, Check Point, be­fore we can de­ter­mine de­fin­i­tive­ly what oc­curred,” she said.

She fur­ther not­ed that TSTT has tak­en steps to pre­vent any fu­ture threats to cus­tomers, hav­ing al­so en­gaged lo­cal cy­ber­se­cu­ri­ty com­pa­ny, Cy­ber­Eye, which was launched last year to pro­tect com­pa­nies’ da­ta.

Cy­ber­Eye, Agard not­ed, is af­fil­i­at­ed with Cross­word Cy­ber Se­cu­ri­ty PLC in the UK and was con­tract­ed to do root cause and log analy­sis, se­cure re-en­able­ment, as­sess the ef­fec­tive­ness of TSTT’s cur­rent cy­ber­se­cu­ri­ty con­trols for pro­tect­ing in­for­ma­tion as­sets against cy­ber threats, and threat mon­i­tor­ing and de­tec­tion.

“From the on­set, we iso­lat­ed our sys­tems and ap­pli­ca­tions from the hack­ers. These ap­pli­ca­tions were sub­se­quent­ly quar­an­tined, re­built and put back in­to pro­duc­tion. The in­ter­na­tion­al cy­ber­se­cu­ri­ty ex­perts and part­ners ad­vised us on the im­ple­men­ta­tion of ap­pro­pri­ate ad­di­tion­al se­cu­ri­ty mea­sures and pro­to­cols, which, of course, you can ap­pre­ci­ate I can­not be spe­cif­ic about, and we have al­ready be­gun im­ple­ment­ing fur­ther ag­gres­sive pre­ven­ta­tive ac­tions to en­sure no re­oc­cur­rence and to im­prove the com­pa­ny’s se­cu­ri­ty pos­ture,” she ex­plained.

TSTT was the vic­tim of a cy­ber­at­tack on Oc­to­ber 9. The in­ci­dent was made pub­lic by cy­ber­se­cu­ri­ty firm Fal­con­Feeds.IO, which re­ports on glob­al da­ta breach­es. Ac­cord­ing to its post on Oc­to­ber 27 to X, for­mer­ly Twit­ter, TSTT and its sub­sidary Bmo­bile were com­pro­mised by ran­somware group Ran­somexx, with six gi­ga­bytes of da­ta stolen and dumped on the Dark Web.

How­ev­er, on Oc­to­ber 30, Min­is­ter of Pub­lic Util­i­ties Mar­vin Gon­za­les said this in­for­ma­tion was sim­ply “not true”. TSTT al­so is­sued a state­ment on the same day say­ing hack­ers at­tempt­ed to break in­to its cy­ber­sys­tems but were un­suc­cess­ful. Less than a week lat­er, the min­is­ter was forced to re­tract his state­ment, as he ad­mit­ted that the at­tack took place and or­dered an in­de­pen­dent in­ves­ti­ga­tion.

Some of the in­for­ma­tion of Prime Min­is­ter Dr Kei­th Row­ley was al­so dumped on the Dark Web by the hack­ers. Row­ley has since ad­vised TSTT that the breach should be treat­ed as a mat­ter of na­tion­al se­cu­ri­ty.

See page 15