OTE Group

Company

Telecommunications and communications
Since 1949
Europe

Content

History
- 2022: €3.25 million fine for silent about customer data leak
Notes

History

2022: €3.25 million fine for silent about customer data leak

On February 1, 2022, it became known that the Greek data protection authority imposed a fine of €5.85 million on COSMOTE and €3.25 million on OTE for leaking confidential customer information due to a cyber attack.

According to the regulator, COSMOTE violated at least eight articles of the General Regulation on the Protection of Personal Data (GDPR), including violating its obligation to inform affected customers about the true consequences of the incident.

OTE and COSMOTE are part of the OTE Group, which is the largest telecommunications company in Greece, offering fixed and mobile telephony, broadband services.

Greece's largest telecom company OTE will pay millions to keep silent about customer data leakage

An internal investigation conducted by COSMOTE in 2020 showed that the hacker used social engineering and contacted one of the employees through LinkedIn, and then used gross coercion tools to obtain target account data.

According to the results of the investigation, the attacker repeatedly used the Lithuanian IP address to access one of the OTE servers. The attacker used his credentials five times to steal database files. The size of the stolen data was 48 GB.

COSMOTE stores call information on its servers for 90 days to ensure quality of service and maintains an anonymous version of the data for another 12 months for statistical analysis that helps in targeted service improvement.

As an investigation by the Data Protection Authority found, the anonymization process was not performed properly, and data retention periods were not carefully observed.

The compromised server contained confidential subscriber data and call data for the period from September 1, 2020 to September 5, 2020.

In particular, open parts include the following:

Approximate location data of 4,792,869 COSMOTE subscribers;
Age, sex, rate plan and ARPU 4,239,213 unique COSMOTE subscribers;
MSISDN/CLI 6,939,656 subscribers of other telecommunications providers who interacted with COSMOTE clients;
MSISDN, IMEI, IMSI and location of connected towers for 281,403 COSMOTE subscribers in roaming.

Information obtained by attackers can be used for targeted social engineering, phishing and even extortion in some cases.^[1]

Notes

↑ Telco fined €9 million for hiding cyberattack impact from customers

Источник — «https://tadviser.com/index.php/Company:OTE_Group»

The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article
If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible.

Simple Link

How to create a "smart plant": Key characteristics of a modern digital enterprise 8500

Model Studio CS: How to use BIM to give new impetus to the development of the fuel and energy complex 6800