Wakanda News Details

TSTT: Cyber-terrorists did not access sensitive data - Trinidad and Tobago Newsday

IN a statement on Friday, TSTT said individuals who recently attacked its IT system did not gain access to sensitive details about customers but only other information that was largely outdated and stored on legacy systems.

It dubbed the October 9 attackers "cyber terrorists".

TSTT condemned subsequent comments by third parties in the public domain as "erroneous, mischievous, and damaging."

Indicating that 99 per cent of its data was unaffected by the attacks, TSTT said most clients' details were not accessed.

TSTT said it was committed to safeguarding customers' information and took cyber security seriously.

"Cyber threats are a continuous feature of modern digital operating systems and have become increasingly sophisticated, and their frequency has increased significantly."

As telecommunications were not exempt from these threats, TSTT has continuously invested millions of dollars to protect its systems and its data.

"The company took immediate steps to minimise the security vulnerability, successfully isolating its systems and applications.

"These applications were subsequently quarantined, rebuilt and put back into production as part of clearly defined policies and procedures."

TSTT engaged international cyber security experts and partners.

These had investigated the attempted breach and advised on additional security measures and protocols, some of which have since been implemented.

TSTT said it had undertaken a rigorous examination of data published on the dark web, which a ransomware group claimed responsibility for.

"With the support of our cyber security consultants, the company has determined that the data released contains largely identifying information, and TSTT apologises to those customers whose information was accessed by these cyber terrorists."

While TSTT is still scrutinising the data, the 6GB accessed represents less than one per cent of the petabytes of data the company produces and stores.

"Moreover, it represents information of a small subset of TSTT’s customer base.

"The majority of TSTT’s customers’ information was not accessed."

TSTT said some of the data was accessed from a legacy system that it no longer used and which contains data no longer valid but kept for legal reasons. The company said the information accessed included parameters such as first and last names, e-mail and home addresses, ID scans, some customer account information, letters of authorisation, and payment receipts.

It said, "What is not included: call records, transactional data, customer passwords and financial information.

"TSTT’s investigation has found that no customer passwords or credentials were accessed."

Due to the type of data accessed, internal and external security analysts told TSTT there was "no elevated risk of fraudulent activity" for the customers impacted.

Some data was already in the telephone directory.

"However, TSTT reminds all customers to be vigilant and alert to potential scams and fraudulent activity and report them where necessary."

The company sa

You may also like

More from Home - Trinidad and Tobago Newsday

Lifestyle Facts

National Trust for Historic Preservation