DA­REECE PO­LO

Se­nior Re­porter

da­reece.po­lo@guardian.co.tt

The Uni­com­er Group yes­ter­day con­firmed that there was a cy­ber­at­tack against Courts, one of its sub­sidiaries.

Pub­lic re­la­tions of­fi­cer Sha­had Ali said the breach oc­curred months ago and cus­tomers were in­formed.

“We are aware of the breach, hav­ing no­ti­fied our cus­tomers about the same in Sep­tem­ber 2023. We are con­tin­u­ing our in­ves­ti­ga­tions,” he said.

Hours lat­er, Uni­com­er said in a state­ment that the da­ta breach oc­curred on its old e-com­merce plat­form, www.shop­courts.com. The re­tail gi­ant said it act­ed im­me­di­ate­ly, in­formed cus­tomers of the at­tack and the web­site was re­placed.

“In Sep­tem­ber 2023, we re­placed our e-com­merce plat­form with a new one, www.courts.com, that en­forces the mea­sures and strength­ens our se­cu­ri­ty lev­els ac­cord­ing­ly, to have a se­cure plat­form with­out any da­ta breach,” the com­pa­ny said.

Uni­com­er told cus­tomers that none of their pay­ment meth­ods or pass­word in­for­ma­tion was ex­posed in the in­ci­dent. Cus­tomers who shopped in-store were not af­fect­ed.

On Sat­ur­day, cy­ber se­cu­ri­ty con­trac­tor, Gavin Den­nis, post­ed via X (for­mer­ly Twit­ter) that hack­ers al­leged­ly in­fil­trat­ed the Shop Courts web­site and stole da­ta on up to 200,000 or­ders. The in­for­ma­tion re­port­ed­ly in­clud­ed cus­tomers’ names, ad­dress­es, phone num­bers, ac­count pass­words, pur­chas­ing da­ta, billing ad­dress­es, ship­ping ad­dress­es, pay­ment meth­ods and more.

Den­nis al­so claimed that some of the da­ta was leaked show­ing records of cus­tomer pur­chas­es made be­tween 2013 to 2023.

Sev­er­al Caribbean coun­tries were af­fect­ed, in­clud­ing Ja­maica, Be­lize, St Lu­cia and Bar­ba­dos.

Com­ment­ing on this lat­est in­ci­dent, the man­ag­er of the T&T Cy­ber Se­cu­ri­ty In­ci­dent Re­sponse Team (TT-CSIRT), An­gus Smith said such in­ci­dents can hap­pen again.

“I think we would see more cas­es like this, in­stances of cy­ber at­tacks in essence be­cause as I said, the threat ac­tors al­ways are try­ing to see where they could pen­e­trate dif­fer­ent en­ti­ties. So, I think that will be some­thing that will con­tin­ue to hap­pen,” Smith said.

He said there are mea­sures or­gan­i­sa­tions can take to pro­tect them­selves, in­clud­ing hard­en­ing their in­fra­struc­ture, up­dat­ing soft­ware and con­fig­u­ra­tions and man­ag­ing their pass­words as well as ad­min­is­tra­tive ac­cess to their sys­tems.

Smith warned com­pa­nies and in­di­vid­u­als against pay­ing ran­soms to cy­ber crim­i­nals who de­mand pay­ment for not re­leas­ing sen­si­tive da­ta, though he ad­mit­ted it’s some­thing that ought to be as­sessed on a case-by-case ba­sis.

“There’s no guar­an­tee that if you pay a ran­som you will be able to get back your in­for­ma­tion and avoid it be­ing pub­lished on the dark web. So, gen­er­al­ly, we at the TT-CSIRT, rec­om­mend that you don’t pay,” he said.

The T&T Cham­ber of In­dus­try and Com­merce has ex­pressed con­cern about the preva­lence of cy­ber­at­tacks and wants busi­ness own­ers and the pub­lic to be vig­i­lant

“We are hear­ing that so many com­pa­nies in Trinidad have been af­fect­ed and it is re­al­ly alarm­ing. All I can re­al­ly rec­om­mend at this point in time is re­al­ly to make sure you have ad­e­quate pro­tec­tions. Make sure that your an­ti-virus and pre­ven­ta­tive mea­sures are up­dat­ed fre­quent­ly,” said CEO Stephen de Gannes.

Con­tact­ed for com­ment, T&T Po­lice Ser­vice (TTPS) pub­lic in­for­ma­tion of­fi­cer Michelle Lewis said the po­lice had not re­ceived any re­ports of a cy­ber at­tack at Courts.

Last month there was a da­ta breach at TSTT in which 6 GB of da­ta was stolen and sold on the dark web, in­clud­ing in­for­ma­tion on Prime Min­is­ter Dr Kei­th Row­ley.