Press Releases

TSTT issues update on “cybersecurity issue” Claims no customer passwords or credentials in dump

By
3 Mins read
3193
Share

As a follow-up to our previous statement regarding the cyber security issue and the company’s ongoing investigation, we are providing the following update to address third party statements that have been in the public domain since our last release, some of which are erroneous, mischievous, and damaging.

Background and Context

TSTT reiterates that it is committed to safeguarding the safety and security of customers’ information and takes matters related to cyber security seriously. Cyber threats are a continuous feature of modern digital operating systems and have become increasingly sophisticated and their frequency has increased significantly. Telecommunications infrastructure is no exception to these threats and incursions.

TSTT has continuously invested millions of dollars in resources in its processes and IT infrastructure to protect its systems and the data it produces and stores. On October 09, 2023, cyber attackers attempted to gain unauthorised access to TSTT’s systems. The company took immediate steps to minimise the security vulnerability, successfully isolating its systems and applications. These applications were subsequently quarantined, rebuilt and put back into production as part of clearly defined policies and procedures.

The company also enlisted the support of internationally recognised cyber security experts and partners in investigating the attempted breach and advising on the implementation of appropriate additional security measures and protocols. Some of these recommendations have already been implemented.

Analysing the data

During the past seven days, TSTT has been working with its international cyber security experts and has undertaken a rigorous examination of data published on the dark web after a ransomware group claimed ownership of a cyberattack on the telecommunications company.

Although the published material was easily accessible, the corroboration process was time consuming because it required cross referencing data across multiple extensive databases to verify sources. With the support of our cyber security consultants, the company has determined that the data released contains largely identifying information, and TSTT apologises to those customers whose information was accessed by these cyber terrorists

While the company is still scrutinising the data, the 6GB accessed represents less than 1% of the petabytes of data the company produces and stores. Moreover, it represents information of a small subset of TSTT’s customer base. A single customer could generate hundreds or thousands of records of non-critical, non-sensitive transactions. The majority of TSTT’s customers’ information was not accessed.

It was also determined that some of the data was accessed from a legacy system, which is no longer utilised by TSTT but which contains data that is, in many instances, no longer valid. This data is kept to ensure TSTT is compliant with relevant laws as it relates to retention of customer information.

With this context, the subset of information accessed contains the following parameters…

What is included What is not included
First Name Call records
Last Name Transactional data
Email Address Customer Passwords
Home Address Credit card information
ID Scans (limited amount) Financial information
Some customer account information, (Account #, billing addresses, and some mobile numbers)
Letters of authorisation: this permits someone to conduct transactions with TSTT on someone’s behalf
Payment receipts

TSTT’s investigation has found that no customer passwords or credentials were accessed.

Due to the nature of the data accessed, internal and external security analysts have advised that there is no elevated risk of fraudulent activity for the group of customers impacted. Some of the information can already be easily accessed via the telephone directory’s white pages. However, TSTT reminds all customers to be vigilant and alert to potential scams and fraudulent activity and report them where necessary.

 It is important to note that certain statements currently in the public domain regarding the publication of personal data are inaccurate and invalid. TSTT does not request, require and/or store on its databases any of the following information related to its customers:

  • Credit Card information
  • Customer passwords
  • Approvals for housing
  • Shipping documents

There is therefore little chance of such information being accessed or published because of the cyber incursion. This underscores the importance of verifying the source and validity of any information or data in the public domain.

Data Centre

TSTT also wishes to address false, misleading, and damaging statements regarding its data centre. TSTT’s data centre (TIA 942-B, Rated 3, SOC-2, DCOS Maturity Level 3 and ISO) is the most secure, resilient and reliable data centre in Trinidad and Tobago, the Caribbean and ranked highly in the Latin American region.

TSTT categorically refutes claims that its data centre was breached and therefore any claims of our corporate client data or credentials being accessed as a result of an alleged breach of our data centre is totally inaccurate, ill-informed and mischievous.

We strongly urge responsible parties to exercise utmost caution and responsibility when publishing and disseminating information. Due to the sensitive nature of this, it is imperative to verify and obtain information from credible and expert sources, as inaccurate and misleading reports can misinform and potentially damage public trust and also harm our company.

This is why TSTT is taking meticulous steps to thoroughly verify all information. We also urge members of the public to exercise discernment in the information they consume, ensuring they receive it from credible and reputable sources to make well-informed decisions.

Related posts

Reaching the youth media audience

Reaching the youth media audience

By Mark Lyndersay  /  April 22, 2024
Credibility has become personal. Who is delivering the news and what is understood about them is becoming as important as the journalism itself
Read More
Huawei, CTU partner to drive regional digital development

Huawei, CTU partner to drive regional digital development

By Press Release  /  April 22, 2024
The agreement will enhance the CTU’s collaborative efforts to address key ICT challenges in the region and symbolises its shared commitment with Huawei to foster a digitally empowered Caribbean.
Read More
IGT offers technology for children on the autism spectrum

IGT offers technology for children on the autism spectrum

By Press Release  /  April 22, 2024
Organisations supporting children with autism spectrum disorders and other neurological developmental conditions have been increasingly using technology to assist with their complex communication and learning needs.
Read More
Digicel invites Caribbean businesses to participate in regional digital transformation survey

Digicel invites Caribbean businesses to participate in regional digital transformation survey

By Press Release  /  April 21, 2024
"We invite businesses of all sizes and sectors to be at the forefront of digital transformation knowledge and innovation."
Read More
Pinaka Consulting partners with Flexxon

Pinaka Consulting partners with Flexxon

By Press Release  /  April 15, 2024
AI is an enabler.  Threat actors are getting better at communication in English using ChatGPT.
Read More
Next-gen news consumers. What do they want?

Next-gen news consumers. What do they want?

By Mark Lyndersay  /  April 15, 2024
It's no longer simply enough to keep producing the same news menu for an aging demographic and milking that diminishing audience.
Read More
Let’s talk backup. Again

Let’s talk backup. Again

By Mark Lyndersay  /  April 8, 2024
Computers have a functional life of around five years, and most media will last roughly that long before either becoming more prone to failure or simply running out of room.
Read More
TSTT to invest $160m in network, deploy VOLTE

TSTT to invest $160m in network, deploy VOLTE

By Press Release  /  April 5, 2024
"Trinidad and Tobago’s only indigenous communications solutions provider has successfully returned to a period of profitability."
Read More
Huawei doubles profits in 2023

Huawei doubles profits in 2023

By Press Release  /  April 5, 2024
Throughout the past year, its ICT infrastructure business remained solid, and its consumer business met expectations. Both its cloud computing and digital power businesses grew steadily.
Read More
The United States vs Apple

The United States vs Apple

By Mark Lyndersay  /  April 1, 2024
Apple's services, including AppleTV, Apple Music and Apple Pay, account for 22 per cent of the company's revenue and it's drawing the lion's share of the concern articulated in the...
Read More
Reaching the youth media audience Reaching the youth media audience April 22, 2024
Huawei, CTU partner to drive regional digital development Huawei, CTU partner to drive regional... April 22, 2024
IGT offers technology for children on the autism spectrum IGT offers technology for children on... April 22, 2024
Digicel invites Caribbean businesses to participate in regional digital transformation survey Digicel invites Caribbean businesses to participate... April 21, 2024
Pinaka Consulting partners with Flexxon Pinaka Consulting partners with Flexxon April 15, 2024
Next-gen news consumers. What do they want? Next-gen news consumers. What do they... April 15, 2024
Let’s talk backup. Again Let’s talk backup. Again April 8, 2024
TSTT to invest $160m in network, deploy VOLTE TSTT to invest $160m in network,... April 5, 2024
Huawei doubles profits in 2023 Huawei doubles profits in 2023 April 5, 2024
The United States vs Apple The United States vs Apple April 1, 2024

🤞 Get connected!

A once weekly email notification of new stories on TechNewsTT. Just that. No spam.

Possible UI Glitch. Click top right corner to dismiss 👉

Get Connected!

A once weekly email notification of new stories on TechNewsTT.

Just that. No spam.

3193
Share
Related posts
FeaturedPress Releases

Pinaka Consulting partners with Flexxon

By
2 Mins read
AI is an enabler.  Threat actors are getting better at communication in English using ChatGPT.
Press Releases

TSTT to invest $160m in network, deploy VOLTE

By
3 Mins read
“Trinidad and Tobago’s only indigenous communications solutions provider has successfully returned to a period of profitability.”
BitDepthFeatured

Ransomware report reveals Caricom-wide attacks

By
3 Mins read
The Lockbit3, 8Base, RansomEXX, Royal and Hive ransomware groups are all international criminal businesses who do not discriminate based on company size, business sector or location.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Ben
Ben
5 months ago

Stop relying on international partners. Build some capability internally and pay for prevention. It’s cheaper than remediation.

1
Reply
trackback
ICTP 279: Stakeholders’ role in cyberattacks, the intersection of music and tech, and crowdfunding in the Caribbean | ICT Pulse – The leading technology blog in the Caribbean
5 months ago

[…] TechNewsTT article, TSTT issues update on “cybersecurity issue” Claims no customer passwords or credentials in dump […]

0
Reply
wpdiscuz   wpDiscuz
×
FeaturedNews Briefs

Parasram warns of possible GDPR fines after assessing TSTT data dump

By
2
0
Share your perspective in the comments!x
()
x