Lead Editor Investigations
Public Utilities Minister Marvin Gonzales has directed the chairman of the Telecommunications Authority of T&T (TSTT) to hire someone independent to investigate the data breach at the company.
Sources told the Sunday Guardian this was being done as there were serious concerns about the management of the organisation.
“We can no longer trust the management,” one source told the Sunday Guardian.
Gonzales said the matter will be made public when the investigation is complete.
“I have grave concerns,” he said.
He explained that he relied on information provided by TSTT when he told Parliament last week that customers’ data were not breached by their cyberattack.
“Based on the security protocols that were triggered when the incursion was detected, TSTT’s data and the data of its customers were not in any way compromised,” the minister told Parliament.
Yesterday, he said TSTT downplayed the matter to him.
“At that point, when I issued the statement, that was what was told to me. I had no choice but to accept what the board and management told me,” he said.
He explained that as the matter unfolded in the public domain and experts were weighing in on the subject matter, he called chairman Sean Roach for a detailed report.
“I sent him back to the company’s management to get a better picture of what was unfolding and they then admitted there was a breach. So they issued another statement,” he said.
On October 9, TSTT suffered a data breach.
Last week the company said there was no compromise of customer data but added that it had not corroborated information in the public domain purported to be customer information.
On Friday, the company issued another statement that admitted that 6GB, or less than one per cent of the petabytes of the company’s data, was accessed but that the majority of its customers’ data was not acquired and no passwords were compromised.
TSTT said it was determined that some of the data had been accessed from a legacy system, which is no longer utilised but contains data that is, in many instances, no longer valid.
The Communications Workers’ Union secretary general Clyde Elder has also accused the company of not being truthful from the onset and instead was “dancing around the public”.
“Several tech-savvy persons went and found the data and realised that TSTT has been lying to the public and TSTT is now forced to issue another release trying to downplay what the public already knows. So, customers’ IDs, home addresses, and financial information are out there. This could have been avoided,” he had said.
Meanwhile, the Telecommunications Authority of T&T (TATT) said it was “disturbed” by the data breaches at TSTT.
TATT, the regulatory body for the telecommunications sector in the country, said it was mindful of the potential adverse implications this matter may have on consumer confidentiality.
Gonzales said the matter was a highly technical one and also asked the company to submit a report to him.
In March 2022, there was a malware incursion at TSTT, but at that time, Gonzales had said no one’s data was compromised.