Pierluigi Paganini
Frontier Communications breach hit over 750,000 individuals
June 10, 2024
Frontier Communications has informed over 750,000 individuals that their personal details were compromised during a recent cyber incident.
Recently, the RansomHub ransomware gang declared that they had stolen the information of more than 2 million clients from Frontier Communications, a US telecommunications company. The cybercriminal group claimed to have extracted 5GB of data from the telecom company.
The stolen data contains names, email addresses, social security numbers, credit scores, birth dates, and phone numbers.
“Data exceeds 2 million customers with details such as addresses, names, emails, SSNs, credit scores, dates of birth, and phone numbers. We contacted Frontier giving them a 60-day deadline but they showed disregard for customer data. Below is a screenshot of some of the compromised data,” the message issued by the group stated. “Now, those interested in purchasing this data can reach out to our support blog, as we only sell it once.”
In April, Frontier Communications reported to the Securities and Exchange Commission (SEC) that it had to halt specific systems due to a cyber intrusion. The breach was discovered on April 14 after an unauthorized threat actor managed to breach sections of its IT environment.
The company initiated an inquiry into the security breach with the aid of prominent cybersecurity professionals and commenced actions to mitigate the situation.
“From our investigation, we concluded that the third party was likely a cybercrime syndicate that accessed, among other things, personally identifiable information,” reads the Form 10-Q (quarterly financial performance report) submitted by the company in May. “Though we don’t believe the incident will significantly impact our financial status or operational outcomes, we are continuing our investigation, involving cybersecurity experts, and have informed law enforcement agencies.”
RansomHub has released an image of the pilfered records to prove the data breach and threatens to disclose the data unless the victims pay the ransom within nine days.
Initially, the company did not disclose specifics about the attack, but recently began notifying more than 751,895 individuals that their personal data was compromised during the attack.
“On April 14, 2024, we detected unauthorized access to some of our internal IT systems. Our inquiry identified your personal information as part of the data impacted by this event,” as stated in the notification letter sent to those affected. “The personal information included comprises your <>. As per our investigation, we believe your personal financial details were not impacted.
Frontier Communications disclosed that the threat actors stole names, other personally identifiable details, and social security numbers, assuring that financial information was unaffected.
Frontier Communications is providing a year of complimentary credit monitoring and identity theft resolution services to the affected individuals.
“Aside from activating the credit monitoring and identity theft resolution services, we recommend that you stay alert to identity theft and fraud incidents by reviewing your account statements and monitoring your free credit reports for suspicious activities and inaccuracies,” concludes the letter.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
About Author
