(Trinidad Guardian) Prime Minister Dr Keith Rowley’s identification card number, his driver’s permit number and his passport number have been found to be compromised in TSTT’s data breach.
The Excel document also has his birth date and a PO box address for him as Prime Minister.
Guardian Media obtained a copy of the 6GB of data from TSTT which was uploaded to the dark web, following a cyberattack on the company on October 9, and was able to verify this. The data bundle includes scans, a list of names and credentials.
Rowley was asked to comment and was sent a copy of the information which Guardian Media was able to source and verify, but up to late yesterday, did not respond.
The Prime Minister is one of hundreds of customers whose data has been posted online following the data breach at the telecommunications company.
As of yesterday, the data—which contains 1.2 million names—has been downloaded over 13,000 times from the dark web.
The data has names, home addresses, email addresses, cell phone numbers, birth certificates, passport numbers, identification cards, receipts, internal emails, as well as credentials.
Yesterday, Public Utilities Minister Marvin Gonzales issued a press statement and mandated that the board of TSTT conduct an independent inquiry into the cyberattack at the company.
In the statement, Gonzales said he is deeply concerned about the recent cyberattack given TSTT’s importance on the country’s telecommunications landscape.
The minister said the gravity of the situation warrants a thorough and full-scale investigation to ascertain the facts and circumstances that caused the breach, TSTT’s communications regarding the matter, and the actions the organisation is (and has been) taking to reduce the possibility of future cyber incursions.
He said that TSTT has to make public the facts and findings, in so far as the details do not compromise TSTT customer confidentiality or further put at risk the integrity of TSTT’s data or digital infrastructure.
Angus Smith, manager of T&T’s Cybersecurity Incident Response Team, yesterday welcomed the investigation as, given what’s in the public domain, there is not enough to understand the threat to the country.
He criticised TSTT’s handling of the incident and not reaching out to their customers affected by the incident and lamented the lack of legislation to enforce T&T to force companies to be transparent about data breaches.
For its part, TSTT chose not to further comment yon Sunday on the minister’s call for an independent investigation.
Last Saturday, the company said there was no compromise of customer data but added that it had not corroborated information in the public domain purported to be customer information.
On Friday, the company issued another statement admitting that 6GB, or less than one per cent of the petabytes of the company’s data, was accessed but that the majority of its customers’ data was not acquired and no passwords were compromised.
TSTT said it was determined that some of the data had been accessed from a legacy system, which is no longer utilised but contains data that is, in many instances, no longer valid.