Colt Admits Customer Data Likely Stolen in Cyber-Attack

Colt Technology Services has confirmed that cybercriminals could leak customer data. This is despite the company previously claiming that the recent cyber incident targeted an internal system separate from its customers’ infrastructure.

On August 14, the British telecommunications giant said it had taken some systems offline in response to a “cyber incident” that targeted an “internal system” that was disconnected from its customer-facing infrastructure.

This action has resulted in the disruption of some of the support services, including hosting and porting services, as well as Colt Online and Voice API platforms.

Customer Data Likely Compromised

In an update published on August 21, Colt admitted that the criminal group behind the hack “has accessed certain files from our systems that may contain information related to our customers and posted the document titles on the dark web.”

“Our immediate priority is to determine the precise nature of the files and what information they contain,” the company added.

In an unusual move, Colt also offered its customers the option to request a list of filenames posted on the dark web by calling the company’s dedicated call center.

Colt also notified its users that the support services it took offline were still unavailable as of August 21.

“It’s too early to give an exact timeline at the moment, but we’ll provide regular updates to keep you informed,” the company stated.

Warlock Intends to Auction the Compromised Data

Rather than publicly exposing stolen data, or at least a sample, as most ransomware gangs do in an approach called ‘double extortion,’ Warlock, the group that claimed the attack, is attempting to sell Colt’s compromised information in a private auction set to close on August 27.

Recently, Warlock also claimed responsibility for another cyber-attack against Orange Belgium.

According to several experts, including independent researcher Kevin Beaumont and Trend Micro researchers, Warlock ransomware operators have extensively used the Microsoft SharePoint ‘ToolShell’ exploit chain to hit victims globally.