Polish telco confirms massive data breach

By on
Polish telco confirms massive data breach

Hackers post 14GB of customer data from Netia.

Poland's second largest telecoms operator Netia has confirmed that hackers stole large amounts of customer data in an attack last week.

The attack was launched on Thursday and impeded access to Netia's main webpage netia.pl until late in the evening, spokeswoman Lidia Marcinkowska said.

She said hackers may have gained access to some of its customer data after they managed to infiltrate two different customer contact forms on Netia's website.

"Netia's customers may be among those people [whose data was accessed]," Marcinkowska said, although the compromised data did not contain any client login or password data.

"Neither customer password nor logins have been accessed and are safe."

She said the data accessed by hackers contained the names of people who filled out forms, along with personal identification numbers as well as bank account numbers.

"Netia will contact every person whose data may have been stolen," Marcinkowska said.

A Twitter account claiming responsibility for the attack posted links to storage sites leading to the databases that contain around 14GB of data from Netia, dating from 2014. 

Information contained in the SQL databases include customer names, email and home addresses, phone numbers and more.

A large log file contained session identifiers associated with customer accounts. That information may allow attackers to establish connections with the Netia website database, without having to authenticate by providing user credentials.

Ukraine's far-right Pravy Sektor party, which is associated with the Twitter account that posted the links to the purloined databases, denied it was involved in the hack.

Pravy Sektor said the Twitter account was a fake and had no connection with the party.

Netia was unable to confirm whether the files posted came from the attack, Marcinkowska said, or pinpoint the country where the attackers were based.

The telco has referred the hack and data breach to the Polish authorities, and warned affected customers not to respond to phishing attempts asking for their personal information.

Tags:
data breach netia privacy security

Most Read Articles

Petya damage to TNT Express systems is likely permanent

Petya damage to TNT Express systems is likely permanent
Meet WooliesX, the new digital arm of Woolworths

Meet WooliesX, the new digital arm of Woolworths
AWS warns users about open S3 buckets

AWS warns users about open S3 buckets
Why you should care about the govt's encryption crackdown

Why you should care about the govt's encryption crackdown
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education
Breach Level Index Report
Breach Level Index Report

Events

Log In

Username:
Password:
|  Forgot your password?