October 7, 2024

Caribbean Broadcasting Corporation

The most credible news source in Barbados

Prime Minister of Trinidad and Tobago, Dr. Keith Rowley. (CMC photo)

T&T: Cyberattack compromises thousands

November 8, 2023

PORT OF SPAIN, Trinidad, CMC – Prime Minister of Trinidad and Tobago Dr. Keith Rowley has called on the Telecommunication Services of Trinidad and Tobago (TSTT) to treat as a “national security threat” the cyberattack on its system that has left  the personal information of thousands of its customers comprosmised.

Late last month, international hackers Ransomexx announced it had infected TSTT with ransomware and stole as many as six gigabytes (GB) of its data, including names, e-mail addresses, national ID numbers, phone numbers and “a lot of other sensitive data”.

But Prime Minister Rowley has said that the information used by the Trinidad Guardian newspaper “was not my data” to publish a story earlier this week indicating that his personal information including his passport number as well as his date of birth and a post office box address, are among documents found to have been compromised.

The paper said that it had obtained a copy of the 6GB of data from TSTT which was uploaded to the dark web, following a cyberattack on the company on October 9, and was able to verify this. It said the data bundle includes scans, a list of names and credentials.

It said Prime MInister Rowley had at the time of publishing the story had not responded to its request for a comment and that he had also veeb sent a copy of the information which the newspaper said it was able to source and verify.

In a statement posted on his Facebook page, Prime MInister Rowley said “I have confirmed that the information used by the Trinidad Guardian to publish its story was NOT my data.  That data profile of ID and DP is for another family member.”

He said that the latest additional information that is circulating from a stolen spreadsheet “is not my bank detail” and that “it appears to be my TT Government telephone bill account, which is somewhere on TSTT’s system.

“That piece of data has information which is accurate but not secret”.

But Prime Minister Rowley warned that “this data or any other for that matter, falling into the hands of criminals, is deeply disturbing and this occurrence should be treated with the greatest competence and utmost sincerity by the company.

“TSTT is also expected to treat this matter as a national security threat and ensure that the public trust is restored, preserved, and handled with absolute professionalism,” the prime minister added.

Public Utilities Minister Marvin Gonzales has since called for”a thorough and full-scale investigation” into the cyberattack after saying that he is “deeply concerned” about the csituation.

Gonsalves said that digital security invasions were becoming an increasingly frequent phenomenon worldwide and that while no organisation or individual was immune to such attacks, the breach of TSTT’s digital security apparatus “is a matter of grave concern to Government.

“The gravity of the situation warrants a thorough and full-scale investigation to ascertain the facts and circumstances that caused the breach, TSTT’s communications regarding the matter, and the actions the organisation is (and has been) taking to reduce the possibility of future cyber incursions.

“I have therefore spoken with the chairman of TSTT and mandated that the board of directors commissions an independent inquiry into the matter and to make public the facts and findings, in so far as the details do not compromise TSTT’s customer confidentiality or further put at risk the integrity of TSTT’s data or digital infrastructure,” the Public Utilities Minister added.

TSTT last weekend acknowledged that information on some of its customers had been captured following a cyberattack last month.

“During the past seven days, TSTT has been working with its international cyber security experts and has undertaken a rigorous examination of data published on the dark web after a ransomware group claimed ownership of a cyberattack on the telecommunications company.

“Although the published material was easily accessible, the corroboration process was time consuming because it required cross referencing data across multiple extensive databases to verify sources. With the support of our cyber security consultants, the company has determined that the data released contains largely identifying information, and TSTT apologises to those customers whose information was accessed by these cyber terrorists,” the company said in a statement.

The telecommunications company said that it is still scrutinising the data, but that what had been stolen represents less than one per cent of the petabytes of data the company produces and stores.

“Moreover, it represents information of a small subset of TSTT’s customer base. A single customer could generate hundreds or thousands of records of non-critical, non-sensitive transactions. The majority of TSTT’s customers’ information was not accessed,” TSTT added,

About The Author

Share this!