U.K. telecoms giant Colt has been hit by a ransomware attack claimed by the Warlock gang, affecting some of its business support systems that remain offline as a matter of precaution following the cyber incident. Around the same time, Australia’s TPG-owned telecoms company iiNet was the target of a third-party data breach after attackers gained access through stolen employee credentials. The incident has affected 280,000 people, including the exposure of 10,000 personal phone numbers and home addresses, as well as 1,700 modem passwords.
As a telecoms provider that falls under the Security of Critical Infrastructure Act, this breach underscores the growing and persistent threat facing critical national infrastructure worldwide.
“We’re continuing to work tirelessly to restore the internal systems affected by the recent cyber incident,” Colt said in its latest update. “We understand how frustrating it is not to have access to some of our support services, such as Colt Online and our Voice API platform, and we appreciate your patience and understanding.”
The company has previously said that “We have the capability of monitoring our customers’ networks, and we continue to manage network incidents efficiently, but we’re working in a more manual way than normal. We’re working hard to get our automated monitoring capability fully restored.”
At the time of identifying the incident, Colt said it had “detected the cyber incident on an internal system. This system is separate from our customers’ infrastructure. We took immediate protective measures to ensure the security of our customers, colleagues, and business, and we proactively notified the relevant authorities.”
It added that “one of our protective measures involved us proactively taking some systems offline, which has led to the disruption of some of the support services we provide to our customers. Our technical team is focused on restoring the affected systems and is working closely with third-party cyber experts.”
In Australia, iiNet has been impacted by a cyber incident involving unauthorised access to its order management system by an unknown third party. “The iiNet ordering system is used to create and track orders for iiNet services, such as NBN connections,” the company detailed in an update on the cyber incident. “The system contains limited personal information. Importantly, it does not contain copies or details of customer identity document details (such as passport or driver’s licences), credit card or banking information.”
Upon confirmation of this incident, iiNet enacted its incident response plan, began work to ensure the security of the system, and to determine what occurred. “We have engaged external IT and cyber security experts to assist with our investigation. We are making direct contact with affected customers to apologise and inform them of this incident, and to provide support and guidance on what to do next.”
The company is also liaising with the Australian Cyber Security Centre (ACSC), the National Office of Cyber Security (NOCS), the Office of the Australian Information Commissioner (OAIC), and other relevant authorities in response to this incident.
