US telecom provider Frontier Communications was forced to shut down a number of its internal systems after detecting an unauthorized third party in its IT environment, shuttering internet access for millions.
Frontier Communications said it first detected the unauthorized access on 14 April 2024, before reporting the incident to the SEC on 15 April. The company said it had taken its systems down as part of its incident response protocols in an effort to contain the breach.
Frontier reported that it believes it has contained the incident and that its core IT environment has already been restored. It added that it has begun efforts to restore normal business operations, but this process is still ongoing.
Frontier serves customers in 25 US states, with 3 million broadband subscribers and a fiber optic network consisting of 5.2 million locations. The incident comes as threat actors continue to target critical national infrastructure organizations to maximize the impact of their attacks.
Frontier says the third party, which it believes was likely a cyber crime group, was able to gain access to personally identifiable information (PII), among other information.
The telecom provider was unable to provide any further information on the specific types of sensitive information accessed by the attackers, or whether the PII pertained to customers or employees.
Some customers took to social media to voice their concern after being without internet for three days since Frontier took its systems down, reporting they cannot access technical support through Frontier’s app, website chat, or their phone line.
Frontier announced it was experiencing technical issues with its internal support systems and provided a phone number for those who require assistance.
Hackers target telecoms industry as ISPs become increasingly viewed as critical national infrastructure
This incident comes hot on the heels of a series of high-profile cyber incidents affecting telecom companies.
A huge cache of AT&T customer data was published on the dark web on 30 March 2024, with the personal data of 73 million current and former customers being exposed.
In February 2024, Australian telecom company Tangerine disclosed a breach that exposed the personal data of 232,000 customers, after an external contractor’s compromised credentials were used to access a customer database.
As a result, internet providers are increasingly being classified alongside the healthcare, water, and energy sectors as critical national infrastructure (CNI), due to the number of critical services that rely on an internet connection.
In its 2023 annual review, the UK’s National Cyber Security Centre included internet providers as part of the critical national infrastructure, defined as organizations which, if compromised, could cause large-scale loss of life, have a serious impact on the economy, and have other ‘grave social consequences for the community’.
The annual review also notes that the cyber threats facing organizations today have changed, with a rise in state-aligned groups launching attacks against critical national infrastructure in rival states.
As such, telecommunications firms should be taking extra precautions to mitigate the potential threats of nation-state affiliated threat actors deploying sophisticated attacks to cripple essential services across the region.