Reporter
carisa.lee@cnc3.co.tt
The Communications Workers Union says it is “disappointed” that the report into last year’s cyberattack on TSTT has not yet been released. The union also accuses the company of prolonging the probe.
Yesterday, Minister of Public Utilities Marvin Gonzales said he had not yet received the report from the independent enquiry into the cyberattack on TSTT. He added that he could not even say when the report would be made available to him.
“Not at this time. As soon as it is received, I will let the public know,” Gonzales said.
The cyberattack on Telecommunications Services of Trinidad and Tobago occurred on October 9 last year at 4.18 pm.
However, the incident was only made public on October 27, after Falcon Feeds, an India-based technology security company, reported on its X (Twitter) social media account that ransomware group, RansomExx, had added TSTT (http://tstt.co.tt) to its victim’s list. It claimed to have access to 6GB of data.
At first, TSTT said there was no compromise of customer data but after cybersecurity experts went digging into the data and made their discoveries public, the company issued another statement saying 6GB, or less than one per cent of the petabytes of the company’s data, was accessed. But it said then that the majority of its customers’ data was not compromised.
In a press release yesterday, the CWU said it was disappointed with TSTT, accusing the company of prolonging the probe. The union asked TSTT when the report from the external probe will be made public and what it costs taxpayers.
“It is the belief of the union that the Government has once again failed TSTT’s employees, the customers, and the country at large with another delayed report,” the release said.
The recognised majority union headed by president Claire-Anne Leach-Lewis and secretary general Joanne Ogeer also asked Gonzales if he ever responded to former TSTT CEO Lisa Agard’s Joint Select Committee (JSC) comments privately.
“Tell the public what were the contents of the statements of October 31, 2023 and November 9, 2023 and who prepared same, confirmed same, and was tasked with the responsibility to ensure it was accurate to deliver it to the minister in the Parliament which actually misled the country,” the union added.
In February, Agard told a JSC that she in no way misled the Public Utilities Minister on the severity of the October 2023 cyberattack.
Agard told the JSC that in her submission to the minister, she never said data was not compromised.