TSTT's former CEO Lisa Agard said she was told to keep silent on a cyber attack on the company in 2023, speaking at Parliament's Joint Select Committee (JSC) on State Enterprises chaired by Anthony Vieira, on February 19. She said the TSTT board had prevented her from communicating with the public on the matter without their prior approval.

Agard said TSTT's Networks and IT Department had not told her of the October 3 cyber attack, but she had only learnt of it on November 11 via a report by TSTT's cyber-security consultant, Checkpoint. She denied ever misleading Minister of Public Utilities Marvin Gonzales, although saying his statement to Parliament had otherwise contained inadvertent inaccuracies.

Agard began by saying the breach had taken place after a TSTT administrator had lost her credentials without realising it, and then been locked out by someone using her information to create multiple domain accounts. She said during the breach, no data was deleted from TSTT's databases nor manipulated.

"Let me say at the outset, TSTT communicated what it knew, when it became aware of it, guided at all times by the Networks and IT (Department) and issued statements prepared by the Brand Reputation PR Department.

"When you look at the details of my submissions, you have to ask yourself why did the CEO (Agard) have to literally beg the chairman and board of TSTT to be allowed to communicate with the public after November 6, since by that date I was mandated to get prior approval of the chairman and the board before anything was allowed to be said publicly?"

She said a communication plan was prepared for various clients such as ministers, permanent secretaries and the general public. The board approved all plans but for the general public and ultimately none were ever used.

Agard said it had been disingenuous for TSTT through it chairman, board and brand reputation unit to tell the public that TSTT needed to reshape its communication around transparency.

"If, as TSTT now claims, it wishes to be transparent and timely in its communication with customers, then why was the communication plan to the general public not implemented?"

Later, in reply to JSC member Wade Mark, she said she felt pressured by the board to provide them with details of 33 people whose bank-account or credit-card details had been hacked.

"I felt if I did not cooperate and provide the information, my own position as CEO would be in jeopardy."

Committee member Rudranath Indarsingh asked about the curtailing of reporting to the public.

She replied that she assumed it was a decision endorsed by the board, as it had come just after the board's November 6 meeting.

Agard said after Gonzales' statement in Parliament on November 1, she had drafted a statement to explain what he had said but that the board had refused to approve its public release.

She said she had never misled Gonzales, recalling her input into his statement to Parliament. "In the response that I sent to the minister directly via WhatsApp and to several other people i