UNC considers court action for release of TSTT cyberattack report

  • Dec, Wed, 2024

Senior Reporter

dareece.polo@guardian.co.tt

The Opposition plans to apply for judicial review by the end of the year to gain access to information regarding the October 2023 cyberattack on the Telecommunications Services of Trinidad and Tobago (TSTT).

In February, Princes Town MP and shadow public utilities minister Barry Padarath, through agents of the United National Congress (UNC), sent pre-action protocol letters to TSTT requesting:

Copies of all board minutes from October 2023 to February 2024, covering the cyberattack period and the board’s decisions on its handling,

Copies of all correspondence regarding the cyberattack between TSTT and the minister,

Copies of all correspondence from TSTT’s executive management to the board,

Confirmation on whether TSTT is providing private bodyguard protection for then-acting CEO Kent Western and if so, details of the protection company, costs, and who—board or executive management—authorised the decision, and

Copies of all evaluations of Kent Western to ascertain who was responsible for his promotion.

TSTT rejected the requests, citing concerns over financial viability and potential risks to staff safety if personal information was disclosed. Padarath said TSTT also said that releasing the requested information could heighten security risks for named personnel.

In an interview with Guardian Media yesterday, Padarath criticised the Government’s delay in sharing information or tabling the independent investigation report in Parliament over a year after the cyberattack.

Raising concerns about transparency, Padarath stated, “We are deeply concerned that any report that is coming 14 months after, a year and two months after the cyber-attack at TSTT, I am almost certain that it will be sanitised to reflect that the board and the minister had no involvement.”

He added, “The Opposition is already treating this with a lot of scepticism and we don’t have a lot of trust and confidence, especially seeing what has occurred and what Ms (Lisa) Agard and others have had to share with us. So, 14 months later, we will be very sceptical in terms of whether or not this report will be sanitised and whether or not there will be attempts to keep this report from the public domain under the guise of national security matters.”

Padarath also confirmed that the UNC would pursue judicial review if the Government fails to publish the report on the investigation, warning that attempts to withhold it under claims of national security would face legal scrutiny. However, he noted that further action would only proceed after confirming whether the report is published and tabled in Parliament.

Meanwhile, the Communications Workers Union criticised Minister Marvin Gonzales, for what it called his silence on the matter, accusing him of neglecting TSTT while focusing primarily on the Water and Sewerage Authority (WASA).

“If you could recall, the cyberattack (report) is outstanding, the not-so-deep-dive report into TSTT is still outstanding, and the forensic audit is still outstanding. For some strange reason the line minister that we call the Minister of WASA only seems to have some type of attention and focus and interest based in WASA and not TSTT,” a representative said.

Efforts to reach Gonzales and TSTT CEO Kent Western were unsuccessful.

Lisa Agard, TSTT’s CEO at the time of the breach, declined to comment on the matter. Both Agard and Chief Financial Officer Shiva Ramnarine, who were fired following the incident, testified before a Joint Select Committee on January 22, claiming their terminations were unfair.

The October 9, 2023, data breach was confirmed on October 27 by Falcon Feeds, an India-based cybersecurity firm, which identified TSTT as a victim of the ransomware group RansomExx. Initially denied by Gonzales on October 30, the breach was later confirmed on November 5, following an apology from the minister.

To address the breach, TSTT engaged local cybersecurity firm CyberEye for root cause analysis, an assessment of security controls, and recommendations to strengthen internal threat detection and monitoring systems.

In July, Gonzales stated that the independent investigation report on the 2023 cyberattack would be completed “any minute now.”

The post UNC considers court action for release of TSTT cyberattack report first appeared on CNC3.