Frontier Communications Cyber Attack Shuts Down Systems, Leaks Personal Data

A cyber attack by a suspected cybercrime group has forced Frontier Communications, a Dallas, Texas-based optic-fiber Internet provider, to temporarily shut down its information systems to contain the incident.

Founded in 1935, Frontier Communications provides digital phone, fiber-optic Internet, and satellite TV services in at least 25 US states and earned $5.75 billion in 2023.

According to a regulatory filing with the U.S. Securities and Exchange Commission (SEC), Frontier Communications Parent, Inc. detected that a third party had gained unauthorized access to some of its information technology systems on April 14.

The company initiated its cyber incident response protocols, which included shutting down some systems, resulting in operational disruptions.

The interruptions affected Frontier’s mobile apps and website, which displayed a warning message that the company was “experiencing technical issues with our internal support systems.”

Internet customers also reported downtimes and had trouble reaching human customer service. However, the company claims that customers’ Internet service was unaffected by the cyber incident.

Frontier cyber attack attributed to a cyber crime group, leaked PII

Frontier Communications told the SEC it launched an investigation with external cybersecurity experts and notified law enforcement authorities of the cyber attack.

Preliminary results of the probe determined that the third party was likely a cybercrime group which gained access and potentially stole personally identifiable information (PII). However, the threat actor’s identity or the number of victims whose personal information was potentially compromised during the cyber attack remains undisclosed or undetermined.

Frontier also failed to clarify whether the potentially compromised data belonged to its customers or employees. So far, no cybercrime group has publicly claimed responsibility for the Frontier cyber attack.

Meanwhile, Frontier does not expect further disruptions and believes it has contained the cyber attack. The company has also restored its core information technology environments and is in the process of restoring normal business operations.

Additionally, Frontier does not expect the cyber attack to “materially impact the Company’s financial condition or results of operations.” Nonetheless, the company’s shares dropped by more than 3% a few hours after the breach was disclosed.

Frontier also promised to continue to investigate the incident to determine its full breadth and scope. However, the company did not say when it will notify impacted customers.

“Telecom giant Frontier has been around the industry for a while, having previously acquired networks from major players like Verizon and AT&T,” noted Paul Laudanski, Director of Security Research at Onapsis. “One of the primary challenges for any company involved in such acquisitions is the integration of technology and understanding of assets, processes, and personnel.”

Telecoms are popular targets for cyber attacks

Telecommunications companies are a popular target for financially motivated and state-sponsored hackers seeking to access the extensive personal information they collect and store, including customer proprietary network information (CPNI).

Breaching telecoms allows hackers to execute more potent cyber attacks, such as swapping SIMs or porting phone numbers, to bypass multi-factor authentication and take over other online accounts.

Similarly, the information they obtain after breaching telecommunications companies allows them to craft more compelling phishing attacks targeting customers.

Attacks on telecommunications companies have prompted the Federal Communications Commission (FTC) to harmonize the industry’s data breach notification rules with other sectors.

In January 2024, the FTC published a Notice of Proposed Rulemaking (NPRM) to modernize telecommunications data breach reporting rules for cyber incidents involving customer proprietary network information.

The proposed changes include eliminating the seven-day waiting period before companies can notify customers of data breaches. This change would allow operators to disclose data breaches immediately upon discovery unless instructed otherwise by the feds.