Colt Data Breach: Customer Information Compromised in Cyber-Attack

Summary

– Colt Technology Services confirmed that cybercriminals may leak customer data, contradicting earlier claims that the incident only affected internal systems.
– The company took some support services offline on August 14, disrupting hosting, porting, and API platforms, which remained unavailable as of August 21.
– Colt admitted that hackers accessed files potentially containing customer information and posted document titles on the dark web, with the company prioritizing analysis of the files.
– The criminal group Warlock, which claimed responsibility, is attempting to auction the compromised data privately rather than using typical double extortion tactics.
– Warlock has exploited the Microsoft SharePoint ‘ToolShell’ vulnerability in global attacks, including a recent incident against Orange Belgium.

Colt Technology Services has confirmed a significant data breach potentially exposing sensitive customer information, despite initial assurances that the cyber-attack was confined to internal systems. The British telecommunications provider now acknowledges that unauthorized actors accessed files which may contain client-related data, with some document titles already appearing on dark web forums.

Earlier this month, on August 14, Colt took several systems offline in response to what it described as a targeted cyber incident affecting an internal network. At the time, the company emphasized that customer-facing infrastructure remained isolated and secure. This precautionary measure, however, led to disruptions in key support services, including hosting, porting, and access to the Colt Online and Voice API platforms.

In a follow-up statement released on August 21, the company revised its position, revealing that the attackers had indeed accessed files that could include customer information. Colt is now urgently working to determine the full scope and content of the compromised data. In an uncommon step, the firm is offering customers the opportunity to contact a dedicated call center to request details about the specific filenames leaked online.

Support services remain partially unavailable as of the latest update, with no definite timeline for restoration. Colt has committed to providing regular progress reports as the investigation continues.

The hacking group known as Warlock has claimed responsibility for the intrusion and is taking an unusual approach to monetizing the stolen data. Instead of following the typical “double extortion” model, where ransomware groups publicly leak samples, Warlock is organizing a private auction for the information, scheduled to conclude on August 27.

This group has also been linked to a recent attack on Orange Belgium, suggesting a pattern of high-value targets. Cybersecurity experts, including independent researcher Kevin Beaumont and analysts from Trend Micro, note that Warlock has aggressively exploited vulnerabilities in Microsoft SharePoint, specifically the ‘ToolShell’ exploit chain, to carry out global attacks.

(Source: Info Security)
