Cyber Incident Victim: National Insurance Board of Trinidad and Tobago
Date:
Dec 2023
Location:
Trinidad and Tobago
Summary
The National Insurance Board of Trinidad and Tobago experienced a ransomware attack that forced the closure of its offices and disrupted operations of the social security system serving over 630,000 citizens. The agency engaged external technology partners and collaborated with the national cybersecurity response team to address the incident while taking steps to protect data integrity and hardware. This attack followed previous ransomware incidents affecting other government entities and critical infrastructure in the country, reflecting broader regional targeting of Caribbean institutions by cybercriminal groups.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The National Insurance Board of Trinidad and Tobago (NIBTT) experienced a ransomware attack on Tuesday, December 26, 2023, disrupting operations of the agency responsible for the country’s social security system. The organization publicly announced the incident on December 27, stating all offices would remain closed through December 29 while systems were assessed. NIBTT confirmed it was working to protect data integrity and technology hardware while collaborating with external technology partners to resolve the attack. The agency reported the incident to the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) under the Ministry of National Security, coordinating with this government cybersecurity unit for remediation. This attack directly impacted the NIBTT’s ability to provide cash and check payments to over 630,000 beneficiaries—approximately 40% of the nation’s population—who rely on these funds as insurance against work-related injuries and other income disruptions. The agency did not disclose whether attackers issued a ransom demand or identified the responsible ransomware group. This incident followed a July 2023 ransomware attack against Trinidad and Tobago’s justice department that paralyzed court operations for weeks, causing electronic document service failures and preventing government lawyers from accessing emails or trial documents.
The December attack occurred shortly after TT-CSIRT issued a public advisory warning organizations about increasing ransomware threats in the country, though the alert’s exact timing relative to the NIBTT breach was unspecified. Trinidad and Tobago’s vulnerability to such attacks was further demonstrated in 2022 when its largest supermarket chain shut down due to ransomware. The 2023 NIBTT incident reflected broader regional trends, as multiple Caribbean nations including Bermuda, Martinique, the Dominican Republic, and Guadeloupe faced ransomware attacks throughout the year. Costa Rica’s government also suffered extensive ransomware disruptions in 2023, an event that prompted expanded U.S.-led counter-ransomware initiatives involving nearly 40 countries and the European Union. The NIBTT maintained public communication via social media but did not respond to media inquiries about technical specifics of the attack, restoration timelines, or potential data compromise. No additional operational impacts beyond the three-day office closure were detailed in available reports.