Telecommunications giant Colt Technology Services has confirmed that customer data was compromised in a sophisticated cyber attack that began on August 12, 2025.
The company disclosed that threat actors accessed sensitive files containing customer information and subsequently posted document titles on the dark web, prompting immediate containment measures and law enforcement notification.
Key Takeaways
1. Colt breached on August 12; customer data accessed and document titles posted on the dark web.
2. Key platforms offline as precaution, customer networks secure.
3. Forensics engaged, law enforcement notified.
Customer Data Exfiltrated
The ransomware attack specifically targeted Colt’s business support systems, which the company emphasized remain segregated from customer infrastructure networks.
Upon detection at approximately 11:00 AM BST on August 12, Colt immediately activated its major incident response protocol and engaged external forensic investigators to assess the breach scope.
The threat actors successfully exfiltrated files from Colt’s systems before publishing the document titles on dark web forums, a common tactic used by ransomware groups to pressure victims into paying.
Colt has established a dedicated call center where customers can request lists of the specific filenames posted online to determine if their data may be affected.
As a precautionary measure, Colt proactively disabled multiple critical systems, including the Colt Online customer portal, Number Hosting APIs, and Colt On Demand Network-as-a-Service (NaaS) platform.
The company also suspended its Voice On Demand services and temporarily halted new service ordering capabilities to prevent further unauthorized access.
Mitigations
Colt’s incident response team has implemented comprehensive containment protocols, including enhanced access controls, improved detection capabilities, and strengthened security visibility across its infrastructure.
The company promptly notified the UK’s National Cyber Security Centre (NCSC) and law enforcement agencies to ensure regulatory compliance and leverage external expertise in the investigation.
The telecommunications provider has deployed specialist third-party investigation and forensic teams working around the clock to determine the full extent of the data compromise.
While customer-facing network services remain operational due to the segregated architecture, automated business processes have been temporarily suspended, resulting in extended response times for customer inquiries and service requests.
Colt has assured customers that authentication systems remain secure due to the architectural separation between business support and customer infrastructure environments.
The company continues providing customer support through dedicated phone lines and email channels across multiple regions, including the UK, France, and Germany, while working to restore full service capabilities.