COSMOTE MOBILE TELECOMMUNICATIONS S.A. announces that during systems' checks, an unauthorized file export from the company’s system was detected, as a result of a cyber-attack. This file contained elements of information, without names/surnames, on the calls made or received by mobile subscribers during the five-day period between 1-5/9/2020, and specifically: phone number, day, time and duration of the call. The file also included device type, IMSI[1], age, gender, ARPU[2], base station coordinates and COSMOTE subscriber mobile tariff plan. This data is used by the company for network and customer service optimization.
The file did not contain call or message content, names or addresses, passwords, or credit card or bank account information.
No action is required by the customers.
The company immediately blocked the unauthorized access, took all necessary measures and informed the competent Authorities from the very first moment as provided by the law. The investigation of the incident is ongoing and, so far, there is no indication of publication or other use of the illegally obtained file.
Cyberattacks occur on an everyday basis across the globe, targeting the technology systems of companies, organizations and institutions.
The company's cybersecurity systems prevent more than 500,000 malicious third-party attacks and denial of service (DDoS) attacks each month.
1. What happened?
During systems' checks, an unauthorized file export from the company’s system was detected, as a result of a cyber-attack.
2. When did the file export happen?
On September 8th, just before the systems' check.
3. What was included in the file?
This file contained elements of information, without names/surnames, on the calls made or received by mobile subscribers during the five-day period between 1-5/9/2020, and specifically: phone number, day, time and duration of the call. The file also included device type, IMSI, age, gender, ARPU, base station coordinates and COSMOTE subscriber mobile tariff plan. This data is used by the company for network and customer service optimization.
The file did not contain call or message content, names or addresses, passwords, or credit card or bank account information.
4. Was there any access to the content of the calls?
Absolutely not.
5. How many customers were affected?
Customers that made or received a call during this 5-day period.
6. Did this also affect customers of other telco providers?
The file contains only the mobile number of any user making or receiving a call by a company customer during the specific 5-day period.
7. I am a COSMOTE Mobile customer. What should I do?
No action is required by customers.
8. I need more information. What should I do?
You may follow the identification procedure as provided by the law, by clicking here.
9. How did the company handle the incident?
The company immediately blocked the unauthorized access, took all necessary measures and informed the competent Authorities from the very first moment as provided by the law.
10. What did hackers do with the file?
The investigation of the incident is ongoing and, so far, there is no indication of publication or other use of the illegally obtained file.
11. How did they manage to infiltrate the company systems?
Cyberattacks occur on an everyday basis across the globe, targeting the technology systems of companies, organizations and institutions.
The company's cybersecurity systems alone prevent more than 500,000 malicious third-party attacks and denial of service (DDoS) attacks each month.
In this case, the findings indicate that the attack commenced using the Remote File Inclusion (RFI) technique.
12. The attack was detected on Sept. 8th. Why do you publicize the incident now?
The immediate disclosure of the attack would jeopardize the incident’s thorough investigation and handling. The company immediately blocked the unauthorized access, took all precautionary measures and informed the competent Authorities from the very first moment, as provided by law.
13. When will the investigation be concluded?
Initial investigation is concluded. In-depth investigation is ongoing.
[1] International Mobile Subscriber Identity
[2] Average Revenue per User