Telecoms company Frontier Communications announced that a cyberattack, which took place in mid-April and had been previously reported, exposed the data of over 750,000 customers.
The Dallas-based firm disclosed information following reports that an extortion group identified Frontier as a victim of data theft, exposing the full names and Social Security numbers of some customers.
In a notification to Maine’s Attorney General, the Internet Service Provider reported that a data breach impacted 751,895 individuals. The company states that it is in the process of issuing data breach notices to those affected while the hacking group believed to be responsible is preparing to sell the stolen data.
The company has said that it will provide one year of complimentary credit monitoring and identity theft services to all impacted customers. However, it stated that it “does not believe” any customer financial information was compromised in the breach.
BleepingComputer reports that the RansomHub ransomware group claimed responsibility for the cyberattacks that took place in April and on June 4. The group announced on its dark web extortion portal that it has targeted Frontier, threatening to release 5GB of data reportedly taken during the attack. This data is said to include the personal information of two million customers.
The hackers have set a deadline of June 14 for the company to respond to their demands. They threaten to sell the data to the highest bidder if their conditions are not met.
The company detected the attack on April 14 and subsequently took “containment measures, which included shutting down certain of the company’s systems,” according to a prior filing with the U.S. Securities and Exchange Commission, as stated by Frontier.
Who is RansomHub?
Security firm Symantec states that RansomHub is a newly emerged Ransomware-as-a-Service (RaaS) that has quickly ascended to become one of the most prominent ransomware collectives. It appears to be a revamped and renamed version of the older Knight ransomware.
Symantec’s analysis of the RansomHub payload shows many similarities with Knight, indicating that RansomHub likely evolved from Knight.
Although RansomHub shares its origins with Knight, it is unlikely that the original developers of Knight are behind RansomHub. The source code for Knight, previously known as Cyclops, was put up for sale on dark web forums in February 2024 following the decision by its developers to cease their activities. This suggests that new parties may have bought and changed the Knight source code to create RansomHub.
Featured image: Canva / Ideogram