- Greek operator under fire, locally, over vulnerability leading to large-scale loss of customer details.
Cosmote Greece confirmed that it was conducting an “in-depth” investigation into the theft of data on potentially millions of phone calls.
The cyber-attack, which took place on 8 September, is said to have used the Remote File Inclusion technique to exploit a vulnerability and siphon off five days’ worth of customer call records (from 1–5 September). Cosmote discovered the breach during a subsequent systems check.
In a statement, the operator said the attack did not see customers’ names leaked — nor did it expose “call or message content, names or addresses, passwords, or credit cards and bank accounts information”.
However, the batch did contain a range of other information that could, theoretically, be highly sensitive to some users — including “phone number, day, time and duration of the call” and “device type, IMSI, age, gender, ARPU, base station coordinates and COSMOTE subscriber mobile tariff plan”.
National security concerns raised
Cosmote did not put a figure on how many people had been affected, but said the theft would have taken data on all customers that “made or received a call during this five-day period”. Local reports noted the attack would have gained information on calls to and from government officials.
While some reporting drew attention to the lag between the attack and the release of Cosmote’s statement, on 14 October, the operator said the delay was down to a need not to “jeopardise the incident’s thorough investigation and handling”.
Upon discovering the breach, it stressed it “immediately blocked the unauthorised access, took all necessary measures and informed the competent authorities from the very first moment as provided by the law”. “The investigation of the incident is ongoing and until now, there is no indication of publication or other use of the illegally obtained file”, it added.
What Cosmote faces in terms of legal and regulatory pushback for the breach is not yet clear.
The attack is the second major cyber security incident to hit a Deutsche Telekom NatCo in recent weeks. Magyar Telekom said in late September that it had repelled a large-scale distributed denial-of-service attack on its systems and those of some Hungarian banks, albeit with some reported short-term disruption to services.