Date:

Oct 2023

Location:

Trinidad and Tobago

Summary

Telecommunications Services of Trinidad and Tobago (TSTT) experienced a cyberattack involving unauthorized system access by the ransomware group Ransomexx, which claimed theft of six gigabytes of sensitive customer data (including names, email addresses, national ID numbers, and phone numbers) and provided a sample CSV file allegedly containing records of over 800,000 customers. TSTT disputed the compromise, stating that no data was deleted from or manipulated in its databases and that it could not verify the authenticity of the leaked information. The company activated incident response protocols, isolated affected systems, rebuilt applications with international cybersecurity experts, and implemented additional security measures. This followed a prior malware incident in which no data was compromised and no ransom was paid; TSTT pointed to its ongoing investments in hardening IT infrastructure against such threats.


Description

On or around October 9, 2023, Telecommunications Services of Trinidad and Tobago (TSTT) experienced a cyberattack involving unauthorized access attempts to its systems. The international hacker group Ransomexx publicly claimed responsibility, announcing they had deployed ransomware and exfiltrated approximately six gigabytes of data allegedly containing sensitive customer information such as names, email addresses, national identification numbers, and phone numbers. As evidence, Ransomexx released a CSV file purportedly containing detailed records of over 800,000 TSTT customers. TSTT acknowledged the attack but disputed the hackers’ claims regarding data compromise, stating its systems prevented any deletion or manipulation of customer databases. The company emphasized it could not immediately verify whether the leaked data belonged to its systems, noting its platforms generate terabytes of information daily.

TSTT activated its incident response protocols upon detecting the intrusion, isolating affected systems and applications to contain the breach. The quarantined applications were subsequently rebuilt and restored to production following predefined procedures. The company engaged internationally recognized cybersecurity experts to investigate the incident and implement enhanced security measures, some of which were already operational. TSTT highlighted its continuous multimillion-dollar investments in cybersecurity infrastructure and processes, asserting these measures restricted the attackers’ objectives. This incident followed a March 2022 malware attack targeting TSTT’s internal applications, which the company contained without data compromise or ransom payment. During the 2022 incident, TSTT’s online bill payment portal was temporarily non-functional for approximately two weeks, though customer connectivity services remained unaffected. In both cases, TSTT maintained no customer, employee, or corporate data was exfiltrated or altered, and it publicly condemned the attackers’ actions while committing to further security hardening under expert guidance.
