Frontier Communications

Yesterday, Frontier Communications Parent, Inc. began notifying 751,895 people of a data breach following unauthorized access to its systems on April 14, 2024. This comes after ransomware group RansomHub posted the company to its data leak site over the weekend.

RansomHub alleged to have stolen more than 2 million customer records and suggested it had given Frontier Communications two months to negotiate but that it had failed to do so.

RansomHub claim on Frontier Communications

In its data breach notification, Frontier Communications confirms that Social Security Numbers were among the data affected. It is also offering a year’s worth of credit monitoring services via Kroll. We highly recommend those affected use this service and remain highly vigilant for any potential phishing emails, texts, or calls.

In a previous 8-K SEC filing, Frontier Communications had described the incident as follows:

On April 14, 2024, Frontier Communications Parent, Inc. (the “Company”) detected that a third party had gained unauthorized access to portions of its information technology environment. Upon detection, the Company initiated its previously established cyber incident response protocols and took measures to contain the incident. As part of this process, the containment measures, which included shutting down certain of the Company’s systems, resulted in an operational disruption that could be considered material. Based on the Company’s investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information.

Frontier Communications hasn’t described the attack as ‘ransomware’ or how the attackers were able to infiltrate its systems. Comparitech has contacted it for more information, including to ask whether RansomHub’s claims are true and what the alleged ransom demand was. We will update this article if we receive a response.

Who is RansomHub?

RansomHub employs a ransomware-as-a-service model and has recently been linked to the now-defunct ransomware group, Knight. RansomHub has grown in notoriety in recent months, being behind some of the biggest ransomware attacks this year so far. This includes its attack on UK-based NRS Healthcare and Christie’s auction house. It also claimed to be in possession of the data stolen in the Change Healthcare attack, despite the company having already paid a $22 million ransom to ALPHV/BlackCat.

So far this year, we have tracked nine confirmed and 66 unconfirmed attacks via RansomHub.

Ransomware attacks on utilities providers

Based on the number of records affected, this attack on Frontier Communications is the second-largest ransomware attack since 2018. With nearly 752,000 records involved, it is beaten only by Australian company, Optus, which was hit by an attack in September 2022 affecting around 9.8 million records.

In most cases, ransomware attacks on utility companies seek to cause disruption by encrypting key systems. This is arguably a more ‘fruitful’ method of securing a ransom payment as utility companies can ill afford downtime. However, as ransomware gangs are increasingly following a double-extortion technique, companies with troves of customer data, like Frontier Communications, are an attractive target.

So far this year, we have logged 12 confirmed attacks on the utilities sector with 1,027,801 records involved. In 2023, we tracked 34 attacks affecting 318,781 records. We are also monitoring a further 40 unconfirmed attacks on utility companies.

More about Frontier Communications Parent, Inc.

With a head office in Dallas, Texas, Frontier Communications is an American telecommunications company with over 2 million customers. It was previously known as Citizens Utilities Company, Citizens Communications Company, and Frontier Communications Corporation.