Threat Actor: RansomHub ransomware group | RansomHub ransomware group
Victim: Frontier Communications | Frontier Communications
Price: Not mentioned
Exfiltrated Data Type: Names, email addresses, SSNs, credits, scores, dates of birth, and phone numbers
Additional Information :
- The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from Frontier Communications.
- The stolen data includes names, email addresses, SSNs, credits, scores, dates of birth, and phone numbers.
- The RansomHub group gave Frontier Communications 2 months to contact them, but the company did not respond.
- The incident was identified on April 14, 2024, after an unauthorized threat actor gained access to parts of Frontier Communications’ IT environment.
- Frontier Communications launched an investigation into the security breach with the help of cybersecurity experts and notified law enforcement authorities.
- RansomHub published an image of the stolen records as proof of the data breach and threatened to publish the stolen data if the ransom is not paid within nine days.
- Frontier Communications started notifying over 751,895 individuals that their personal information was stolen in the attack.
- The company does not believe that financial information was affected.
- Frontier Communications is offering a year of complimentary credit monitoring and identity theft resolution services to the impacted individuals.
Last week, the RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications. The RansomHub group claimed to have stolen 5GB of data from the telecommunications giant.
Stolen data include names, email addresses, SSNs, credits, scores, dates of birth, and phone numbers.
“Data is more than 2 million customer with address name email ssn credit score date of birth and phone number. We gave frontier 2 months to contact us but they don’t care about clients data. Below is screenshot of some of the data.” reads the message published by the group. “Now anyone who wants to buy this data can contact our blog support, we only sell it once.”
In April, Frontier Communications notified the Securities and Exchange Commission (SEC) that it had to shut down certain systems following a cyberattack. The incident was identified on April 14 after that an unauthorized threat actor gained unauthorized access to parts of its IT environment.
The company launched an investigation into the security breach with the help of leading cybersecurity experts and started operations to contain the incident.
“Based on our investigation, we have determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information.” reads the Form 10-Q (quarterly report of financial performance) filed by the company with the SEC in May. “While we do not believe the incident is reasonably likely to materially impact our financial condition or results of operations, we continue to investigate the incident, have engaged cybersecurity experts, and have notified law enforcement authorities.”
RansomHub has published an image of the stolen records as proof of the data breach and threatens to publish the stolen data if the victim will not pay the ransom within nine days.
Initially, the company did not provide details about the attack, but last week it started notifying over 751,895 individuals that their personal information was stolen in the attack.
“On April 14, 2024, we detected unauthorized access to some of our internal IT systems. Our investigation identified your personal information among the data affected by this incident.” reads the notification letter sent to the Impacted individuals. “The personal information involved includes your <>. Based on our investigation, we do not believe your personal financial information was affected.
Frontier Communications revealed that threat actors stole names, other personally identifiable information, and Social Security numbers. The company does not believe that financial information was affected.
Frontier Communications is offering a year of complimentary credit monitoring and identity theft resolution services months to the impacted individuals.
“In addition to activating the credit monitoring and identity theft resolution services, we recommend that you remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors.” concludes the letter reads.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
Original Source: https://securityaffairs.com/164315/data-breach/frontier-communications-data-breach.html