fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Telco Fined €9 million for Hiding Cyberattack Impact from Customers

Telco Fined €9 million for Hiding Cyberattack Impact from Customers

The Greek data protection authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication due to a cyberattack.

As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of the true impact of the incident.

OTE (Hellenic Telecommunications Organization) and COSMOTE belong to the same entity, OTE Group, which is the largest technology company in Greece, offering fixed and mobile telephony, broadband, and network communication services.

Also Read: PDPA Meaning: Know Its Big Advantages In Businesses

The hacking incident

An internal investigation conducted by COSMOTE in 2020 revealed that a hacker social engineered one of its employees through LinkedIn and later used brute-forcing tools to derive the target’s account credentials.

According to the findings of the investigation, the adversary used a Lithuanian IP address for accessing one of OTE’s servers repeatedly.

The threat actor leveraged the account credentials to steal database files on five separate occasions. The size of the stolen data amounted to 48GB.

COSMOTE keeps call details on its servers for 90 days for service quality assurance, and maintains an anonymized version of the data for another 12 months for statistical analysis that helps in targeted service improvement.

As the data protection authority probe discovered, the anonymization process wasn’t properly done, and the data holding periods weren’t strictly respected.

Also Read: What Is PDPA And What Are The 5 Things You Should Know About

The impact

The compromised server contained sensitive subscriber details and call data that concerned the period between September 1, 2020, and September 5, 2020.

More specifically, the exposed details include the following:

  • Rough positional data of 4,792,869 unique COSMOTE subscribers.
  • Age, gender, plan, and ARPU of 4,239,213 unique COSMOTE subscribers.
  • MSISDN/CLI of 6,939,656 users of other telecommunication providers who communicated with customers of COSMOTE.
  • MSISDN, IMEI, IMSI, and connected tower position for 281,403 roaming subscribers of COSMOTE.

The above information could be used for highly targeted social engineering, phishing, and even extortion in some cases.

Still, the impact of the hacking incident could be significant for targeted subscribers who may be high-interest individuals.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us