Log In

Reset Password
BERMUDA | RSS PODCAST

Senate hears details on cyberattack report

Last September’s cyberattack immobilised multiple government services (File photograph)

A report into the 2023 cyberattack that crippled the island’s public service IT systems was handed in to the Government two months later, the Senate heard on Wednesday.

However, the Cabinet office later ruled out releasing the report to the public.

Owen Darrell, the Government Senate Leader and Minister of Tourism, Culture and Sport, told the Upper House that the report came in on November 7, 2023.

Responding to a question from Opposition senator Douglas De Couto, Mr Darrell said the report was not produced internally.

He added: “Those who prepared it, external to Government, have had access to the report.”

On his X social-media account, Dr De Couto said on Wednesday that no one had been appointed to a joint select committee to look into the attack last September.

He also noted that no date had been announced for the parliamentary committee to undertake its mandate.

He said: “Here, we are seven months after the hack, and only now will the Government admit that it actually has got a report.”

Dr De Couto said a number of questions on the attack from the One Bermuda Alliance remained unanswered.

He said: “For example, what personal and private information about Bermudians were stolen by those hackers from the Government?

“What do we need to be concerned about?”

He asked: “Why is government hiding the existence of that ransom from everybody?”

In a statement to The Royal Gazette, Dr De Couto reiterated the OBA’s position that an independent Commission of Inquiry should have been set up to examine the cyberattack in “a non-partisan way free of political influence”.

He added: “By using a joint select committee, the Government will abuse the parliamentary process to delay and obfuscate getting to the bottom of the cyberattack on behalf of the Bermudian people.”

He said it had already been shown by “their delaying tactics and lack of clarity with respect to the existing report from last November”.

“It’s important that people know if their private information was compromised so that they can take the appropriate actions such as securing credit cards, online accounts, and other services.

“In many or even most jurisdictions, it is required by law for companies and governments to disclose to individuals when their private information is stolen.

“This is required by Pipa, the Personal Information Privacy Act, which will go into effect shortly in Bermuda.”

Dr De Couto called it “good financial management” for there to be transparency regarding any ransom.

“Since the Government has refused to deny that a ransom was paid, the only logical conclusion is that a ransom was indeed paid.

“It is clearly in the public interest for Bermudians to know how much was paid and where the money came from.”

A cabinet office spokeswoman responded last night: “Senator Doug DeCouto has tried every single attempt known in the last several weeks to seek access to a confidential and sensitive cyber report.

“First by trying to circumvent the Senate Rules, then through a local broadcast station, and now via The Royal Gazette and social media.”

She said it was “becoming tiring on behalf of the senator”.

“The answer to his repeated queries, and to his latest social media outrage is simple — the report will not be made public.

“Once again, the House of Assembly approved the appointment of a joint select committee to inquire into the cyber incident.”

She added: “To be clear, once the JSC is appointed and hearings scheduled, this will serve as the opportunity for the Opposition to ask these questions.”

On May 3, MPs passed a resolution in the House of Assembly proposing the creation of the committee to examine the attack.

The resolution was passed after Michael Weeks, the Minister of National Security, tabled the Cybersecurity Act 2024 and the Computer Misuse Act the same day.

At the time, Jarion Richardson, the leader of the OBA, questioned whether the Government would have tabled the cybersecurity report.

Mr Weeks responded: “The Government has done a review and the report has been done. I do not have it.”

Questioned further by Mr Richardson, Mr Weeks said: “I do not want to pre-empt the joint select committee.

“But I am sure that eventually the report will be tabled.”

You must be Registered or to post comment or to vote.

Published June 14, 2024 at 7:56 am (Updated June 14, 2024 at 7:46 pm)

Senate hears details on cyberattack report

What you
Need to
Know
1. For a smooth experience with our commenting system we recommend that you use Internet Explorer 10 or higher, Firefox or Chrome Browsers. Additionally please clear both your browser's cache and cookies - How do I clear my cache and cookies?
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service
7. To report breaches of the Terms of Service use the flag icon