TSTT Ransomware Attack - Customer data on dark web

[aaron17]

Parasram: Nothing to be done about data exposure

https://technewstt.com/nothing-to-be-do ... -exposure/

[redmanjp]

WELP!

Banking and credit card info in TSTT cybersecurity leak
https://guardian.co.tt/news/banking-and ... 0bc6cab040

Wtf tstt

So everybody who pay their bill with credit and debit card have to get a new one?

They not even telling their customers what to do now. Ting download 17000 times already.

[redmanjp]

The only 'good' thing about this is that prominent ppl data leaked too so maybe we will finally get serious about data security and pass data protection legislation.

[stev]

The only 'good' thing about this is that prominent ppl data leaked too so maybe we will finally get serious about data security and pass data protection legislation.

one could hope eh but this thread gonna get old and the actual incident will be forgotten in a week or two...sad to say

that's just the country we live in.

cyber insurance gonna boom though

[pugboy]

I love how they downplaying this as it’s no big thing
Same way this govt treating crime

[Dohplaydat]

Parasram: Nothing to be done about data exposure

https://technewstt.com/nothing-to-be-do ... -exposure/

This guy is one f*cking sham my goodness.

Guys here's what you should do:
- obviously change your passwords and activate 2 factor authentication on websites if you haven't
- monitor your banking and credit activity
- be wary of phishing attempts coming your way
- possibly cancel and reopen new credit cards
- update the security patches on your devices

[aaron17]

Where didn't i heard of this b4? Oh yea... WHO and covid.

[death365]

Heh heh heh

[ed360123]

Anyone have a photo of this ad?

[pugboy]

was in guardian yesterday

[bluefete]

Was in Guardian, Newsday and Express yesterday.

[aaron17]

Sorry is not a compensation.

[paid_influencer]

sorry is not useful information either

did they tell people exactly what data had been compromised

[The_Honourable]

Agard sorry for poor communication

Telecommunications Services of Trinidad and Tobago CEO Lisa Agard has apologised over the data breach that has compromised the information of hundreds of thousands of customers.

Agard broke her silence on the issue, which Prime Minister Dr Keith Rowley called a “security threat”, at a virtual briefing with the company’s bondholders and analysts yesterday.

Agard apologised to the more than a million customers of the majority state-owned telecommunications provider, whose data was stolen by cybercriminals in last month’s breach of its databases.

Responding to questions on the matter, Agard admitted that TSTT could have done better in communicating the cyberbreach to its stakeholders.

“We were so busily focused on identifying the problem, containing it and restoring full capability to serve our customers that we neglected, perhaps, to communicate effectively with them,” Agard said.

“This was not done with malice, but rather from a place of ensuring that the most accurate information was communicated at the time it became known,” she added.

Agard said initially, most of the customer complaints surrounded connectivity, the inability to pay bills online and the management of queries. The telecommunications executive said the company focused on addressing these issues, with its teams working around the clock to get customers securely back online.

“In hindsight, we should have also ensured that we kept our valued customers better informed and educated about this situation,” she said.

Giving a timeline of TSTT’s response, Agard said as soon as the data breach was publicised on October 28, the company launched an investigation to verify the claims and corroborate the information that was in the public.

“Checking the data against TSTT’s many databases was an extensive process and this guided us in terms of the information that we communicated to the public and to our other stakeholders,” the TSTT CEO said.

Additionally, Agard identified the international company that was hired by TSTT to determine the method used by the hackers.

“At this time, we have identified two possible hypotheses with respect to the path that the threat actors took but we are awaiting the completion of the investigation by our international cybersecurity expert, Check Point, before we can determine definitively what occurred,” she said.

She further noted that TSTT has taken steps to prevent any future threats to customers, having also engaged local cybersecurity company, CyberEye, which was launched last year to protect companies’ data.

CyberEye, Agard noted, is affiliated with Crossword Cyber Security PLC in the UK and was contracted to do root cause and log analysis, secure re-enablement, assess the effectiveness of TSTT’s current cybersecurity controls for protecting information assets against cyber threats, and threat monitoring and detection.

“From the onset, we isolated our systems and applications from the hackers. These applications were subsequently quarantined, rebuilt and put back into production. The international cybersecurity experts and partners advised us on the implementation of appropriate additional security measures and protocols, which, of course, you can appreciate I cannot be specific about, and we have already begun implementing further aggressive preventative actions to ensure no reoccurrence and to improve the company’s security posture,” she explained.

TSTT was the victim of a cyberattack on October 9. The incident was made public by cybersecurity firm FalconFeeds.IO, which reports on global data breaches. According to its post on October 27 to X, formerly Twitter, TSTT and its subsidary Bmobile were compromised by ransomware group Ransomexx, with six gigabytes of data stolen and dumped on the Dark Web.

However, on October 30, Minister of Public Utilities Marvin Gonzales said this information was simply “not true”. TSTT also issued a statement on the same day saying hackers attempted to break into its cybersystems but were unsuccessful. Less than a week later, the minister was forced to retract his statement, as he admitted that the attack took place and ordered an independent investigation.

Some of the information of Prime Minister Dr Keith Rowley was also dumped on the Dark Web by the hackers. Rowley has since advised TSTT that the breach should be treated as a matter of national security.

https://www.guardian.co.tt/news/agard-s ... ed1b53e2e8

[maj. tom]

Generate Chat GPT sorry script. Standard "we're sorry" parameters.

[shaneelal]

Lisa Agard has been replaced

LISA AGARD is no longer the chief executive officer of the Telecommunications Services of Trinidad and Tobago Limited (TSTT).

While a release from TSTT did not say whether Agard’s departure was voluntary or not, the announcement comes on the heels of condemnation over the organisation’s handling of a recent ransomware cyber-attack.

TSTT has announced the appointment of Kent Western to the post of acting Chief Executive Officer with immediate effect.

https://trinidadexpress.com/newsextra/l ... 2c149.html

[VexXx Dogg]

Didn’t see that coming

[The_Honourable]

Not just how it was handled but more than likely consequences for lying to and embarrassing the minister

[K74T]

About time

[K74T]

Kent Western is TSTT's new Acting Chief Executive Officer.

The Telecommunications Services of Trinidad and Tobago announced the appointment on Tuesday afternoon following the departure of Lisa Agard.

There have been calls for Ms. Agard to step down in the wake of October's cyber attack and criticism on the company's handling of the situation.

TSTT says Mr. Western brings a wealth of leadership experience to the position, having held senior executive roles in the local, regional, and international telecommunications industry, always with a focus on commercial operations and customer experience.

Prior to his appointment, Mr Western was TSTT’s General Manager, Customer Experience and Marketing.

[pugboy]

khamal might have to put food on the table
now

[maj. tom]

It good. For lying to the Minister who conveyed that given information in Parliament.
And because as CEO you are ultimately responsible for this level of insecurity on your system. And continually lying about the hack until the files literally buss for everyone to see how much lying went on. CEO, you never had meetings with your security people to know this is what would happen? You never had them test the system? Cisco123! passwords in Word documents are the current industry standard? Of course is not she alone responsible eh, but that head had to roll.

[Mmoney607]

The minister should get fired too, if someone tell me something, I would make sure it true before I start to run with it

[pugboy]

not here
look how much wrong thing heinz does spew on a weekly basis

The minister should get fired too, if someone tell me something, I would make sure it true before I start to run with it

[bluefete]

With his appointment, TSTT just went from bad to worse. You will see in time after the digging starts.

[bluefete]

It good. For lying to the Minister who conveyed that given information in Parliament.
And because as CEO you are ultimately responsible for this level of insecurity on your system. And continually lying about the hack until the files literally buss for everyone to see how much lying went on. CEO, you never had meetings with your security people to know this is what would happen? You never had them test the system? Cisco123! passwords in Word documents are the current industry standard? Of course is not she alone responsible eh, but that head had to roll.

It was lies all over the place. She appointed a square peg in a round hole in that IT department who knew nothing about cyber-security. - even after the 2022 hack.

That person was told about all the holes in TSTT's infrastructure from which an attack could happen and did nothing.

When Oct. 9th came, that manager lied to the CEO who lied to the Minister. Then came the backpedalling.

The CEO is gone but that other incompetent manager is still there. Meanwhile there was an exodus of highly qualified cybersecurity experts from TSTT when they realized that the Board of Directors and Executive management did not care one hoot about cyber-security.

[FrankChag]

It good. For lying to the Minister who conveyed that given information in Parliament.
And because as CEO you are ultimately responsible for this level of insecurity on your system. And continually lying about the hack until the files literally buss for everyone to see how much lying went on. CEO, you never had meetings with your security people to know this is what would happen? You never had them test the system? Cisco123! passwords in Word documents are the current industry standard? Of course is not she alone responsible eh, but that head had to roll.

It was lies all over the place. She appointed a square peg in a round hole in that IT department who knew nothing about cyber-security. - even after the 2022 hack.

That person was told about all the holes in TSTT's infrastructure from which an attack could happen and did nothing.

When Oct. 9th came, that manager lied to the CEO who lied to the Minister. Then came the backpedalling.

The CEO is gone but that other incompetent manager is still there. Meanwhile there was an exodus of highly qualified cybersecurity experts from TSTT when they realized that the Board of Directors and Executive management did not care one hoot about cyber-security.

Sounds like the Peter Principle happening there.
https://en.wikipedia.org/wiki/Peter_principle


There are exceptions, but it's a classic public-sector disease, especially when you mix in corruption and nepotism.

Once, I literally heard one manager in state company (who was recently promoted), in a lime, and with a BIG GRIN saying something like "I get thru.. time to fake it till I make it! Ent!"


From what you're saying, perhaps that's what happened there.. incompetent manager "get thru" so "highly qualified cyber experts" leave to let them ketch.

And ketch they did apparently.

[Monk BANzai]

It good. For lying to the Minister who conveyed that given information in Parliament.
And because as CEO you are ultimately responsible for this level of insecurity on your system. And continually lying about the hack until the files literally buss for everyone to see how much lying went on. CEO, you never had meetings with your security people to know this is what would happen? You never had them test the system? Cisco123! passwords in Word documents are the current industry standard? Of course is not she alone responsible eh, but that head had to roll.

It was lies all over the place. She appointed a square peg in a round hole in that IT department who knew nothing about cyber-security. - even after the 2022 hack.

That person was told about all the holes in TSTT's infrastructure from which an attack could happen and did nothing.

When Oct. 9th came, that manager lied to the CEO who lied to the Minister. Then came the backpedalling.

The CEO is gone but that other incompetent manager is still there. Meanwhile there was an exodus of highly qualified cybersecurity experts from TSTT when they realized that the Board of Directors and Executive management did not care one hoot about cyber-security.

you sound hurt

and to be fair that exodus been happening since the removal of the Jamaican CTO in 2019.... come nah man... gih dem the full "blahzay"...... Lisa only exposed (at the time) the Thin skinned club that was TSTT ICT.... even after they brought in "Galt-n-Littlepage".....Men still left. So doh lay it on the "Incompetent" manager... Lay it on the general TSTT landscape.

And you know this.

[Dohplaydat]

It good. For lying to the Minister who conveyed that given information in Parliament.
And because as CEO you are ultimately responsible for this level of insecurity on your system. And continually lying about the hack until the files literally buss for everyone to see how much lying went on. CEO, you never had meetings with your security people to know this is what would happen? You never had them test the system? Cisco123! passwords in Word documents are the current industry standard? Of course is not she alone responsible eh, but that head had to roll.

It was lies all over the place. She appointed a square peg in a round hole in that IT department who knew nothing about cyber-security. - even after the 2022 hack.

That person was told about all the holes in TSTT's infrastructure from which an attack could happen and did nothing.

When Oct. 9th came, that manager lied to the CEO who lied to the Minister. Then came the backpedalling.

The CEO is gone but that other incompetent manager is still there. Meanwhile there was an exodus of highly qualified cybersecurity experts from TSTT when they realized that the Board of Directors and Executive management did not care one hoot about cyber-security.

Sounds like the Peter Principle happening there.
https://en.wikipedia.org/wiki/Peter_principle


There are exceptions, but it's a classic public-sector disease, especially when you mix in corruption and nepotism.

Once, I literally heard one manager in state company (who was recently promoted), in a lime, and with a BIG GRIN saying something like "I get thru.. time to fake it till I make it! Ent!"


From what you're saying, perhaps that's what happened there.. incompetent manager "get thru" so "highly qualified cyber experts" leave to let them ketch.

And ketch they did apparently.

Lol have ever worked in Trinidad, it's rife with incidents like this happening but simultaneously people who think they're more qualified to do a job because they have a degree. In most occasions the people who are actually qualified and competent aren't working lower level roles in state companies.

[Dohplaydat]

It good. For lying to the Minister who conveyed that given information in Parliament.
And because as CEO you are ultimately responsible for this level of insecurity on your system. And continually lying about the hack until the files literally buss for everyone to see how much lying went on. CEO, you never had meetings with your security people to know this is what would happen? You never had them test the system? Cisco123! passwords in Word documents are the current industry standard? Of course is not she alone responsible eh, but that head had to roll.

It was lies all over the place. She appointed a square peg in a round hole in that IT department who knew nothing about cyber-security. - even after the 2022 hack.

That person was told about all the holes in TSTT's infrastructure from which an attack could happen and did nothing.

When Oct. 9th came, that manager lied to the CEO who lied to the Minister. Then came the backpedalling.

The CEO is gone but that other incompetent manager is still there. Meanwhile there was an exodus of highly qualified cybersecurity experts from TSTT when they realized that the Board of Directors and Executive management did not care one hoot about cyber-security.

you sound hurt

and to be fair that exodus been happening since the removal of the Jamaican CTO in 2019.... come nah man... gih dem the full "blahzay"...... Lisa only exposed (at the time) the Thin skinned club that was TSTT ICT.... even after they brought in "Galt-n-Littlepage".....Men still left. So doh lay it on the "Incompetent" manager... Lay it on the general TSTT landscape.

And you know this.

Feels like since George H gone (now dead) the tech and IT teams of TSTT have just fallen to the way side and rife with corruption and nepotism.