[UPDATED] TSTT CEO sorry for data breach, company taking steps to better protect customers' info

TELECOMMUNICATIONS Services of TT (TSTT) CEO Lisa Agard apologised to the company's customers for a breach of the company's cybersecurity after an attack on October 9. She added TSTT had strengthened its safeguards to protect itself and its customers from any future cyber attack.

During a virtual investors' call on Friday, Agard said, "Let me take this opportunity to apologise to our customers that their data was stolen by cyber criminals."

Agard told investors, "We take the security of our customer information very seriously and we have spent millions of dollars over the years protecting it."

She said when the attack happened on October 9, TSTT's response was immediate.

"As soon as we detected the breach, we activated our international cyber security experts including Check Point, to support the recovery and restoration efforts."

Founded in 1993 and based in California, US, Check Point Software Technologies Ltd is described as "a leading provider of cyber security solutions to corporate enterprises and governments globally."

Agard said, "We launched our incident response plan, which triggered steps to minimise the security vulnerability."

She told investors, from the onset, we isolated our systems and applications from the hackers.

"These applications were subsequently quarantined, rebuilt and put back into production."

Simultaneously, she continued, TSTT's international cybersecurity experts and partners advised the company on "the implementation of appropriate additional security measures and protocols."

For security reasons, the details of the new measures and protocols are confidential.

Agard said those measures and protocols were being implemented.

"We have already begun implementing further aggressive preventative actions to ensure no re-occurrence and to improve the company's security posture."

The reinforcement of TSTT's cybersecurity systems is not stopping there, she said.

"We have also engaged the services of a local independent cybersecurity company, Cyber Eye, that is affiliated to Cross Word Cyber Security PLC in the UK, to do a number of additional things for us."

When the Russia-Ukraine conflict began last February, Cross Word advised several UK companies on measures to protect themselves from Russian cyber attacks.

Agard listed assessment of current cybersecurity controls, threat monitoring and control as some of the work Cross Eye was doing for TSTT.

She said, "To date, all of our critical systems have been restored."

Agard lamented that cyber attacks were an unfortunate reality in a modern digital world.

TSTT has not been the only victim of such attacks, she said, as an official TT-CSIRT incident response report between 2022 and 2023 indicated, "There have been 55 known attacks of various types between the government and the private sector."

TT-CSIRT is the National Security Ministry's cyber-crime response team.

She added, "Those are the only ones that have been reported publicly."

Agard: TSTT could have communicated better with public

Agard also admitted that TSTT could have done better in terms of communicating with the public about the attack shortly after it happened.

"We were so busily focused on identifying the problem, containing it and restoring full capability to serve our customers that we neglected perhaps to communicate effectively with them."

Agard said, "In hindsight, we should have also ensured that we kept our valued customers better informed and educated about the situation."

Claiming there were different versions of the timeline of events which happened after the October 9 attack, Agard sought to set the record straight.

"As soon as the stolen data was leaked publicly on October 28, we immediately launched an investigation in an attempt to verify the claims being made and to corroborate the information posted on social media to ascertain whether in fact what was leaked of the stolen data was ours."

She admitted that checking the data that was reported to have been leaked against the company's several databases was an extensive process.

But Agard said it "guided us in terms of the information communicated with the public and to other stakeholders."

TSTT's first press release about the attack on October 30, she continued, "shared what we knew at that time."

Agard said the company wanted to provide more information at that time but could not do so.

That was because TSTT could not confirm whether or not the leaked data was its own because the investigation into the attack was ongoing.

Agard said more information about the attack was shared with the population as the company drilled into the matter.

"When a more comprehensive review of the stolen data was completed on November 2, we did not hesitate to share additional information with the public and advise on additional safeguards to protect their data."

She said TSTT offered that advice in a press release issued on November 3.

There is still no definitive answer as to what caused the attack.

"We are awaiting the completion of the investigation by our international cyber security expert, Check Point before we can determine definitively what occurred."

Commenting on the issue in the Senate on Tuesday, Public Utilities Minister Marvin Gonzales said the TSTT cyber attack "warrants an independent and thorough investigation so that we can truthfully report to the public on this very critical issue."

Gonzales has mandated TSTT to do such a probe.

Agard: Leaked info poses low risk of fraud

On Friday, Agard spoke on reports of people's personal information being leaked into the public domain.

"The information currently in the public domain is largely personal identifiable information which experts have advised us does not pose any rated risk of fraudulent activity to customers."

She added that TSTT had publicly advised its customers to be extremely vigilant and on the alert for any suspicious activity.

On Tuesday, Gonzales said, "I have information that the report in yesterday's (Monday) Guardian that refers to one Keith Rowley's (personal data being breached) is not that of the honourable Prime Minister."

Gonzales also said he had no report that personal data belonging to cabinet ministers or parliamentarians were compromised in that incident either.

In a Facebook post on Tuesday, Dr Rowley confirmed Gonzales' statement, saying "I have confirmed that the information used by the Trinidad Guardian to publish its story was not my data. That data profile of ID and driver's permit is for another family member.

"The latest additional information that is circulating from a stolen spreadsheet is not my bank details. It appears to be my TT Government telephone bill account, which is somewhere in TSTT's system. That piece of data has information which is accurate but not secret."

Rowley said having this data or any other falling into the hands of criminals was deeply disturbing.

"This occurrence should be treated with the greatest competence and utmost sincerity by the company.

"TSTT is also expected to treat this matter as a national security threat and ensure that the public trust is restored, preserved, and handled with absolute professionalism."

The Office of the Attorney General and Legal Affairs and the Judiciary were victims of cyber attacks earlier this year.

In the Senate on May 24, Attorney General Reginald Armour, SC, said Government was working to strengthen legislation to protect citizens against different forms of cybercrime.

He also disclosed that TT was invited in October 2021 to formally ratify the Budapest Convention, the first international treaty seeking to address internet and computer crime by harmonising national laws, improving investigative techniques and increasing co-operation among nations.

TT has observer status to the convention and has five years in which to ratify the treaty. Armour said once this happens, TT can benefit through partnership with other nations to combat various types of cybercrime.

This story was originally published with the title "TSTT: 'Security increased after cyber attack'" and has been adjusted to include additional details. See original post below.

THE Telecommunications Services of TT (TSTT) says it has strengthened its safeguards to protect itself and its customers from any future cyber attack.

Company CEO Lisa Agard made this statement during a virtual investor-relations call held by the company on Friday.

On October 9, TSTT was the victim of a cyber attack.

Agard told investors, "We take the security of our customer information very seriously and we have spent millions of dollars over the years protecting it."

She said when the attack happened on October 9, TSTT's response was immediate.

"As soon as we detected the breach, we activated our international cyber security experts including Check Point, to support the recovery and restoration efforts."

Founded in 1993 and based in California, US, Check Point Software Technologies Ltd is described as "a leading provider of cyber security solutions to corporate enterprises and governments globally."

Agard said, "We launched our incident response plan, which triggered steps to minimise the security vulnerability."

She told investors, Frrom the onset, we isolated our systems and applications from the hackers.

"These applications were subsequently quarantined, rebuilt and put back into production."

Simultaneously, she continued, TSTT's international cybersecurity experts and partners advised the company on "the implementation of appropriate additional security measures and protocols."

For obvious security reasons, the details of these new measures and protocols are confidential.

Agard said these measures and protocols are being implemented.

"We have already begun implementing further aggressive preventative actions to ensure no reoccurrence and to improve the company's security posture."

The reinforcement of TSTT's cybersecurity systems is not stopping there, she said.

"We have also engaged the services of a local independent cybersecurity company, Cyber Eye, that is affliated to Cross Word Cyber Security PLC in the UK, to do a number of additional things for us."

When the Russia-Ukraine conflict began last February, Cross Word advised several UK companies on measures to protect themselves from Russian cyber attacks.

Agard listed assessement of current cybersecurity controls, threat monitoring and control as some of the work Cross Eye is doing for TSTT.

She said, "To date, all of our critical systems have been restored."

Agard lamented that cyber attacks were an unfortunate reality in a modern digital world.

TSTT has not been the only victim of such attacks, she said, as an official TT-CSIRT incident response report between 2022 and 2023 indicated, "There have been 55 known attacks of various types between the government and the private sector."

TT-CSIRT is the National Security Ministry's cybercrime response team.

She added, "Those are the only ones that have been reported publicly."

The Office of the Attorney General and Legal Affairs and the Judiciary were victims of cyber attacks earlier this year.

In the Senate on May 24, Attorney General Reginald Armour, SC, said Government was working to strengthen legislation to protect citizens against different forms of cybercrime.

He also disclosed that TT was invited in October 2021 to formally ratify the Budapest Convention, the first international treaty seeking to address internet and computer crime by harmonising national laws, improving investigative techniques and increasing co-operation among nations.

TT has observer status to the convention and has five years in which to ratify the treaty. Armour said once this happens, TT can benefit through partnership with other nations to combat various types of cybercrime.

In July, the Opposition agreed with the Government about an urgent need to deal with cybercrime.

In that month, the UNC said some of its MPs attended a special two-day workshop on cybercrime organised by the Parliamentarians for Global Action (PGA) International Peace and Security Program, focused on engaging Caribbean parliamentarians in the implementation of the Budapest Convention.

The workshop was held at the Radisson Hotel, Port of Spain.

The UNC said it will "continue to push for greater education and public awareness of the threats posed by cybercriminals as well as advocate for policies that keep TT citizens safe from all aspects of crime including those committed in cyberspace."