Public Utilities Minister Gonzales changes tune, orders: Probe TSTT hack attack

Less than a week after declaring that reports of a ransomware attack on TSTT were "not true," Minister of Public Utilities Marvin Gonzales has made a full about-turn and ordered the state-run communications company to have an independent investigation done into the matter.

In a press release on Sunday, Gonzales said that "like everyone else," he too was "deeply concerned" about the recent cyber attack on TSTT.

Declaring in his release that digital security invasions were becoming an increasingly frequent phenomenon worldwide, Gonzales said while no organisation or individual was immune to such attacks, the breach of TSTT’s digital security apparatus "is a matter of grave concern to Government" and by extension, the people, given TSTT’s importance on the country’s telecommunications landscape.

According to a Newsday report published on October 30, Gonzales claimed reports on the ransomware attack on TSTT were "not true."

FalconFeeds.IO, a cyber security firm that offers an X (formerly Twitter) feed reporting on breaches – according to the Newsday report – claimed tstt.co.tt and bmobile.co.tt were compromised by ransomware group Ransomexx.

Asked about this on October 30, Gonzales said, "It is not true." Asked to comment further, he said TSTT would issue a statement soon.

In a statement, also on October 30, TSTT said hackers had tried to break into its cyber systems holding terabytes of data, but were unsuccessful.

“On October 9, cyber attackers attempted to gain unauthorised access to TSTT’s systems,” the company said.

“At the onset of the threat, TSTT’s incident response processes were swiftly activated. The company took immediate steps to minimise the security vulnerability, successfully isolating its systems and applications.

“These systems were subsequently quarantined, rebuilt and put back into production as part of clearly defined policies and procedures.”

The release added that TSTT also sought support from internationally recognised cybersecurity experts in investigating the attempted breach. The company has already implemented additional security measures and protocols, as advised by the experts.

In his release on November 5, Gonzales said: The gravity of the situation warrants a thorough and full-scale investigation to ascertain the facts and circumstances that caused the breach, TSTT’s communications regarding the matter, and the actions the organisation is (and has been) taking to reduce the possibility of future cyber incursions.

"I have therefore spoken with the chairman of TSTT and mandated that the board of directors commissions an independent inquiry into the matter and to make public the facts and findings, in so far as the details do not compromise TSTT’s customer confidentiality or further put at risk the integrity of TSTT’s data or digital infrastructure.

In the wake of the cyber attack on TSTT, Princes Town MP Barry Padarath, in a statement last Friday, called for new legislation against such attacks, and the re-establishment of the Joint Select Committee (JSC) on Cyber Crime, on which he had previously served.

Padarath said Government must "come clean" on the circumstances of the attack.

He alluded to media reports on the attack which had compromised citizens' personal data which could be viewed on the dark web. Padarath said this was "alarming and disturbing" as it could put people at risk in a country already plagued by violent crime.

He asked whether TSTT's operational information and the credentials for TSTT's Mausica centre had been leaked.

Padarath urged TSTT to treat it all as "a matter of urgency," to protect its customers. He also demanded that the company give cogent answers on what had occurred, and say what steps it took expeditiously to mitigate the effects of the attack.

He urged the Government – as TSTT's majority shareholder – to provide strong leadership and ensure industry standards were met, so as to stop further attacks and secure people's confidential information hosted by TSTT.

Padarath said such attacks in any other jurisdiction "would have been met with greater transparency and stronger sanctions."