Polish telco confirms massive data breach

By on
Polish telco confirms massive data breach

Hackers post 14GB of customer data from Netia.

Poland's second largest telecoms operator Netia has confirmed that hackers stole large amounts of customer data in an attack last week.

The attack was launched on Thursday and impeded access to Netia's main webpage netia.pl until late in the evening, spokeswoman Lidia Marcinkowska said.

She said hackers may have gained access to some of its customer data after they managed to infiltrate two different customer contact forms on Netia's website.

"Netia's customers may be among those people [whose data was accessed]," Marcinkowska said, although the compromised data did not contain any client login or password data.

"Neither customer password nor logins have been accessed and are safe."

She said the data accessed by hackers contained the names of people who filled out forms, along with personal identification numbers as well as bank account numbers.

"Netia will contact every person whose data may have been stolen," Marcinkowska said.

A Twitter account claiming responsibility for the attack posted links to storage sites leading to the databases that contain around 14GB of data from Netia, dating from 2014. 

Information contained in the SQL databases include customer names, email and home addresses, phone numbers and more.

A large log file contained session identifiers associated with customer accounts. That information may allow attackers to establish connections with the Netia website database, without having to authenticate by providing user credentials.

Ukraine's far-right Pravy Sektor party, which is associated with the Twitter account that posted the links to the purloined databases, denied it was involved in the hack.

Pravy Sektor said the Twitter account was a fake and had no connection with the party.

Netia was unable to confirm whether the files posted came from the attack, Marcinkowska said, or pinpoint the country where the attackers were based.

The telco has referred the hack and data breach to the Polish authorities, and warned affected customers not to respond to phishing attempts asking for their personal information.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
data breach netia privacy security
In Partnership With

Most Read Articles

NSW puts digital driver's licence on a blockchain

NSW puts digital driver's licence on a blockchain
ANZ breaks out LEGO to bust staff silos

ANZ breaks out LEGO to bust staff silos
UNSW researchers find FTTP NBN worth the extra billions

UNSW researchers find FTTP NBN worth the extra billions
NSW transit officers can't check credit card tap-ons

NSW transit officers can't check credit card tap-ons
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

How to choose a trusted IT provider
How to choose a trusted IT provider
Why Business Process Modelling Matters
Why Business Process Modelling Matters
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report

Events

Log In

Username / Email:
Password:
  |  Forgot your password?