Dive Brief:
- Frontier Communications said an April cyberattack exposed the personal data of more than 751,000 people, in a disclosure with the Maine Attorney General.
- Frontier previously said a suspected cybercrime group was behind the attack and noted the attack led to a disruption of its operations, which could be deemed to be material, according to the April filing with the Securities and Exchange Commission.
- Frontier said it detected the attack on April 14 and contained the damage from the incident, which impacted its IT network.
Dive Insight:
Frontier Communications, based in Dallas, is a major provider of phone and internet services and calls itself the largest pure-play fiber provider in the U.S.
The RansomHub threat group claimed credit for the attack earlier this month, but said it had a larger cache of personal data, according to Brett Callow, threat analyst at Emsisoft. Callow posted screenshots of the allegedly stolen data on the social media platform X, which RansomHub claimed were from the attack.
A relatively new group, RansomHub has been linked to some of the largest cyberattacks across the globe since earlier this year. The group claimed about 45 victims from early February through the end of April, according to an analysis by Forescout. Out of the 45 total claimed victims, 13 were in the U.S.
Researchers from Forescout linked RansomHub to the Change Healthcare attack, which caused weeks of significant disruption to hospitals and prescription drug access across the U.S.
RansomHub, which operates as a ransomware as a service operation, is a rebranded version of Knight ransomware, Symantec said Wednesday in a report.
In the SEC filing, the telecom firm said they did not expect the attack to have a material impact on financial results. Officials from Frontier Communications were not immediately available for comment.