GREAT BAY--The Association for Consumer Protection St. Maarten, ACP-SXM, has formally written to the Public Prosecutor’s Office requesting access to the “Freya” investigation report, clarification on the formal status of the investigation, and consideration of whether the probe into the March 2022 ransomware attack on NV GEBE should be reopened or supplemented.
The letter, dated June 18, 2026, was submitted by ACP-SXM President and Chairperson drs. Peggy-Ann Richardson on behalf of consumers and the wider public of St. Maarten. ACP-SXM stated that the matter remains one of significant and ongoing public concern because NV GEBE is the country’s sole public utilities company and because residents and commercial consumers were the primary clients affected by the cyberattack.
According to ACP-SXM, the ransomware cyberattack, attributed to the criminal organization “Black Byte,” was discovered on March 17, 2022. The attack resulted in the encryption of NV GEBE’s customer database, financial records and business data. On June 27, 2022, the Public Prosecutor’s Office, together with the Police Force of St. Maarten, confirmed that the “Freya” investigation report had been submitted to the Government of St. Maarten in its capacity as sole shareholder of NV GEBE.
ACP-SXM said the public statement issued at the time made clear that the investigation was materially hampered by what was described as NV GEBE’s non-cooperative attitude during the investigative process. The organization noted that, due to the refusal to grant access to the compromised systems, investigators were unable to determine the precise extent of the danger posed to residents and public infrastructure, the identity and affiliations of the perpetrators, and the residual risks to NV GEBE’s systems and clientele.
ACP-SXM said non-cooperation by a publicly owned entity in the face of a criminal investigation directly affecting national infrastructure and consumer data is a matter the organization regards with the utmost gravity.
In its first formal request, ACP-SXM asked for access to, or a copy of, the “Freya” investigation report that was submitted to the Government of St. Maarten around June 26, 2022. The organization said the consuming public has a legitimate right to information regarding the nature, scope and findings of any investigation carried out on their behalf.
ACP-SXM acknowledged that portions of the report may be subject to classification for operational security reasons. However, the organization requested that any releasable portions be made available with appropriate redactions where necessary.
The organization is also seeking clarification on whether the “Freya” investigation has been formally closed and, if so, the grounds on which it was closed. ACP-SXM said consumers and the broader public have a vested interest in understanding whether the matter was conclusively resolved or remains open.
ACP-SXM further asked whether an official determination was ever made regarding potential criminal liability arising from what it described as obstructive conduct by NV GEBE during the investigation. The organization said this question is important because the original investigation acknowledged fundamental gaps in its findings that were directly attributed to NV GEBE’s lack of cooperation.
In a third request, ACP-SXM invited the Public Prosecutor’s Office to consider whether recent and ongoing developments in the governance, financial management and operational accountability of NV GEBE warrant a reassessment of the matter. The organization asked whether the investigation should be formally reopened or supplemented in light of what it described as new and material context.
ACP-SXM pointed specifically to documented concerns regarding the accuracy and transparency of NV GEBE’s tariff-setting mechanisms, including what it said was a detailed independent analysis identifying a potential consumer overcharge of approximately USD 6.9 million over the period 2022 to 2024.
The association also raised concerns about NV GEBE’s cybersecurity posture and data protection obligations to its customers. ACP-SXM said these concerns remain unresolved because the original investigation was unable to fully assess what consumer data may have been accessed, extracted or exploited as a result of the March 2022 ransomware attack.
Additionally, ACP-SXM cited what it described as NV GEBE’s continued failure to provide transparent public accounting of the remediation measures taken after the 2022 cyberattack. The organization also questioned whether affected consumers were ever duly notified of the potential compromise of their personal data.
ACP-SXM said the pattern of institutional non-cooperation with oversight bodies may bear directly on questions of corporate governance and accountability that fall within the purview of prosecutorial authorities.
The organization emphasized that it acknowledges the independence and discretion vested in the Public Prosecutor’s Office and is not seeking to direct the exercise of prosecutorial authority. Rather, ACP-SXM said the combined circumstances present a compelling basis for the Public Prosecutor’s Office to re-examine whether the public interest, and specifically the interests of consumers directly affected by the 2022 cyberattack, have been adequately served by the conclusion of the “Freya” investigation.
ACP-SXM said it is available to meet with the Public Prosecutor’s Office at its earliest convenience to discuss the matters raised in the letter and to provide any documentation that may assist in its deliberations.
The organization said it stands ready to cooperate fully in the interest of justice and the protection of consumers in St. Maarten.
Join Our Community Today
Subscribe to our mailing list to be the first to receive
breaking news, updates, and more.
