US telecommunications provider Frontier Communications was forced to shut down several of its internal systems after detecting an unauthorized third party in its IT environment, blocking internet access for millions of people.
Frontier Communications said it first detected the unauthorized access on April 14, 2024, before reporting the incident to the SEC on April 15. The company said it had disabled its systems as part of its incident response protocols in an effort to contain the breach.
Frontier reported that it believes it has contained the incident, with its core IT environment now restored, adding that it has also begun efforts to restore normal business operations, but this process is still ongoing.
Frontier serves customers in 25 US states, with 3 million broadband subscribers and a fiber optic network consisting of 5.2 million locations. The incident comes as threat actors continue to target critical national infrastructure organizations to maximize the impact of their attacks.
Frontier says the third party, which it believes was likely a cybercrime group, was able to gain access to personally identifiable information (PII), among other information.
The telecommunications provider was unable to provide further information about the specific types of sensitive information the attackers accessed, or whether the PII belonged to customers or employees.
Some customers took to social media to express their concern after being without internet for three days since Frontier disabled its systems, reporting that they cannot access technical support through the Frontier app, website chat or phone line.
Frontier announced that it was experiencing technical issues with its internal support systems and provided a phone number for those who need help.
Hackers target telecoms industry as ISPs increasingly seen as critical national infrastructure
This incident comes on the heels of a series of high-profile cyber incidents affecting telecommunications companies.
A massive cache of AT&T customer data was posted on the dark web on March 30, 2024, with the personal data of 73 million current and former customers exposed.
In February 2024, Australian telecommunications company Tangerine revealed a breach that exposed the personal data of 232,000 customers, after a longtime contractor's compromised credentials were used to access a customer database.
As a result, internet providers are increasingly classified alongside the health, water and energy sectors as critical national infrastructure (CNI), due to the number of critical services that depend on an internet connection.
In its 2023 annual review, the UK's National Cyber Security Centre included internet providers as part of critical national infrastructure, defined as organizations that, if compromised, could cause large-scale loss of life, a serious impact on the economy and have other “serious social health consequences” for the community.
The annual review also notes that the cyber threats facing organizations today have changed, with an increase in state-aligned groups launching attacks against critical national infrastructure in rival states.
As such, telcos should take additional precautions to mitigate potential threats from nation-state-affiliated threat actors deploying sophisticated attacks to cripple essential services across the region.