Trinidad’s state telecoms company hit by cyberattack

17th November 2023

The majority state-owned Telecommunications Services of Trinidad and Tobago (TSTT) has been hit by a major cyberattack.

Global hacker group Ransomexx disclosed that they had launched a ransomware attack on TSTT, compromising and extracting up to six gigabytes (GB) of data.

This data breach included personal information such as full names, email addresses, national identification numbers, contact numbers, and other confidential information of the companies mobile, fixed line, broadband and other customers.

Ransomexx released a CSV file on the dark web containing comprehensive details from over 1.2mn TSTT customers as proof of the hack. The data was downloaded more than 13,000 times as of early November.

Confirming the breach, CEO Lisa Agard—who has since been fired from the top job—said that on 9 October, TSTT’s “systems detected a security breach which affected the availability of TSTT’s internal virtual infrastructure or private cloud. The malware was immediately isolated and a comprehensive investigation to ascertain the full impact of the incident was launched”.

At the time, TSTT said that “there was no loss or compromise of customer data, i.e., no data was deleted from TSTT’s databases or manipulated,” and that “the company has not corroborated data currently in the public domain purported to be TSTT’s customer information”.

However, in a later statement the company acknowledged that 6GB of data—less than one percent of the petabytes of data they manage—had been accessed. They assured that the bulk of their customer data remained secure, and importantly, no passwords were affected.

In an attempt to quell the growing concern of customers, TSTT said that a portion of the compromised data came from an outdated system that has been decommissioned from active use, noting that much of this data may no longer be current.

Despite this, Clyde Elder, the Secretary General of the Communications Workers’ Union, has levelled criticism at the company for a lack of transparency from the beginning, accusing them of evading full disclosure to the public.

Prime Minister Keith Rowley, whose identification card number, driver’s permit number and passport number were reportedly compromised in the breach, called the cyberattack a “national security threat”.

Rowley said that while some of the data in the breach was not his, “the fact that these data or any other for that matter, falling into the hands of criminals, is deeply disturbing and this occurrence should be treated with the greatest competence and utmost sincerity”.

“The company took immediate steps to minimise the security vulnerability, successfully isolating its systems and applications. These applications were subsequently quarantined, rebuilt and put back into production as part of clearly defined policies and procedures,” said a statement from TSTT.

Responding to criticism about the handling of the breach, the company noted that it has sought the assistance of globally acknowledged cybersecurity specialists and affiliates to probe the attempted security violation and to counsel on the adoption of suitable supplementary security safeguards and procedures.

However, multiple assurances and apologies could not stave off those calling for the dismissal of TSTT CEO Lisa Agard over her handling of the cyberattack. A press release from the company announced that Agard, who had been in the role since 2020 had departed the company with immediate effect. Former TSTT General Manager (Customer Experience and Marketing) Kent Western has been appointed to act in the role.

Agard’s departure comes as the company reported a significant increase in profits, announcing a post-tax gain of US$21mn for the six months ending September 30, 2023, a 316% rise from the previous year. Revenue rose by 6% to US$145mn, and operating profit jumped to US$46mn, indicating a 53% increase. The company’s adjusted EBITDA also grew by 16% to US$71mn and its credit rating improved from B+ to BB-, reflecting its stronger financial position, with a closing cash position of US$53mn against a debt of US$470mn.

TSTT is the latest in a growing list of Caribbean entities to be hit my significant cyberattacks. Regional conglomerate Courts (a subsidiary of Unicomer Group) revealed this week that it has launched an investigation into a cyberattack, while the Massy Group was hacked earlier this year.

This is a lead article from Caribbean Insight, The Caribbean Council’s flagship fortnightly publication. From The Bahamas to French Guiana, each edition consists of country-by-country analysis of the leading news stories of consequence, distilling business and political developments across the Caribbean into a single must-read publication. Please follow the links on the right-hand side of this page to subscribe, or access a free trial.