By Prior Beharry
THE Telecommunications Authority of Trinidad and Tobago (TSTT) changes its tune and admits to losing data in a cyber attack on October 9, 2023.
In a release on Friday, it stated that 6GB or less than 1% of the petabytes of the company’s data was accessed. However, it noted that the majority of its customers were not accessed and no passwords were compromised.
It stated, “Although the published material was easily accessible, the corroboration process was time-consuming because it required cross-referencing data across multiple extensive databases to verify sources.
“With the support of our cyber security consultants, the company has determined that the data released contains largely identifying information, and TSTT apologises to those customers whose information was accessed by these cyber terrorists.“While the company is still scrutinising the data, the 6GB accessed represents less than 1% of the petabytes of data the company produces and stores.
“Moreover, it represents information of a small subset of TSTT’s customer base. A single customer could generate hundreds or thousands of records of non-critical, non-sensitive transactions. The majority of TSTT’s customers’ information was not accessed.”
It stated, “It was also determined that some of the data was accessed from a legacy system, which is no longer utilised by TSTT but which contains data that is, in many instances, no longer valid.
“This data is kept to ensure TSTT is compliant with relevant laws as it relates to retention of customer information.”
But, in a release on October 30, it had stated, “There was no loss or compromise of customer data, i.e, no data was deleted from TSTT’s databases or manipulated.
“At this time, the company has not corroborated data currently in the public domain purported to be TSTT’s customer information, and it should be noted that the various TSTT platforms generate terabytes of data.”
In its latest release, it stated, “TSTT’s investigation has found that no customer passwords or credentials were accessed.
“Due to the nature of the data accessed, internal and external security analysts have advised that there is no elevated risk of fraudulent activity for the group of customers impacted.
“Some of the information can already be easily accessed via the telephone directory’s white pages. However, TSTT reminds all customers to be vigilant and alert to potential scams and fraudulent activity and report them where necessary.”
TSTT stated that information in the public domain of the publication of personal information were inaccurate and invalid.
It stated that credit card information, customer passwords, approvals for housing and shipping documents were not stored in its databases.
TSTT stated that its data centre (TIA 942-B, Rated 3, SOC-2, DCOS Maturity Level 3 and ISO) was the most secured, resilient and reliable data centre in Trinidad and Tobago, the Caribbean and ranked highly in the Latin American region.
It stated, “TSTT categorically refutes claims that its data centre was breached and therefore any claims of our corporate client data or credentials being accessed as a result of an alleged breach of our data centre is totally inaccurate, ill-informed and mischievous.
“We strongly urge responsible parties to exercise utmost caution and responsibility when publishing and disseminating information.
“Due to the sensitive nature of this, it is imperative to verify and obtain information from credible and expert sources, as inaccurate and misleading reports can misinform and potentially damage public trust and also harm our company.
“This is why TSTT is taking meticulous steps to thoroughly verify all information.
“We also urge members of the public to exercise discernment in the information they consume, ensuring they receive it from credible and reputable sources to make well-informed decisions.”