The Telecommunications Services of Trinidad and Tobago’s (TSTT) is apologising to its customers, after it finally admitted that the information released in the darkweb by Ransomexx hackers indeed comprises data from them.
This comes on the heels of a Trinidad Express report, which pointed out that over one million TSTT customer records were posted on the dark web following a ransomware attack.
The company stated: “During the past seven days, TSTT has been working with its international cyber security experts and has undertaken a rigorous examination of data published on the dark web after a ransomware group claimed ownership of a cyberattack on the telecommunications company.”
“Although the published material was easily accessible, the corroboration process was time consuming because it required cross referencing data across multiple extensive databases to verify sources. With the support of our cyber security consultants, the company has determined that the data released contains largely identifying information, and TSTT apologises to those customers whose information was accessed by these cyber terrorists,” TSTT added.
TSTT said it is still scrutinising the data, but that the 6GB stolen from Ransomexx represents less than one per cent of the petabytes of data the company produces and stores.
“Moreover, it represents information of a small subset of TSTT’s customer base. A single customer could generate hundreds or thousands of records of non-critical, non-sensitive transactions. The majority of TSTT’s customers’ information was not accessed,” it stated.
Over the weekend, international hackers Ransomexx announced that they infected TSTT with ransomware and stole as many as six gigabytes (GB) of its data, including names, e-mail addresses, national ID numbers, phone numbers and “a lot of other sensitive data”.
On Monday TSTT issued a statement saying that at the onset of the threat, its incident response processes were “swiftly activated”.
However, IT experts said the data leak is on a large scale and customers’ information as well as TSTT’s private information about its operations are all on the dark web.
TSTT said it was determined that some of the data was accessed from a legacy system, which is no longer utilised by TSTT but which contains data that is, in many instances, no longer valid.
“This data is kept to ensure TSTT is compliant with relevant laws as it relates to retention of customer information,” it stated.
TSTT said its investigation found that no customer passwords or credentials were accessed.
“Due to the nature of the data accessed, internal and external security analysts have advised that there is no elevated risk of fraudulent activity for the group of customers impacted. Some of the information can already be easily accessed via the telephone directory’s white pages. However, TSTT reminds all customers to be vigilant and alert to potential scams and fraudulent activity and report them where necessary,” it stated.
“It is important to note that certain statements currently in the public domain regarding the publication of personal data are inaccurate and invalid,” TSTT stated.
TSTT said it does not request, require and/or store on its databases any of the following information related to its customers: Credit Card information; Customer passwords; Approvals for housing; Shipping documents.
TSTT also denied what it labelled as “false, misleading, and damaging statements regarding its data centre.”
“TSTT’s data centre (TIA 942-B, Rated 3, SOC-2, DCOS Maturity Level 3 and ISO) is the most secure, resilient and reliable data centre in Trinidad and Tobago, the Caribbean and ranked highly in the Latin American region,” it stated.
“TSTT categorically refutes claims that its data centre was breached and therefore any claims of our corporate client data or credentials being accessed as a result of an alleged breach of our data centre is totally inaccurate, ill-informed and mischievous,” TSTT stated.
“We strongly urge responsible parties to exercise utmost caution and responsibility when publishing and disseminating information. Due to the sensitive nature of this, it is imperative to verify and obtain information from credible and expert sources, as inaccurate and misleading reports can misinform and potentially damage public trust and also harm our company. This is why TSTT is taking meticulous steps to thoroughly verify all information. We also urge members of the public to exercise discernment in the information they consume, ensuring they receive it from credible and reputable sources to make well-informed decisions,” TSTT stated.