Cosmote Suffered a Data Breach but Kept It Secret for Over a Month

• The largest telco in Greece has had key network and subscriber data stolen by hackers.
• The firm kept the security incident a secret for 40 days until their investigation was concluded.
• The exfiltrated files include call logs and base station location data, so the hackers could correlate phone numbers with organizations.

Cosmote, the largest mobile network operator in Greece, has suffered a catastrophic data breach that took place between September 1 and 5, 2020. The telco realized this on September 9, 2020, and has opted to keep the event secret until now to investigate the impact it had on its customers and services.

As the company confirms now, remote file inclusion (RFI) attacks that were launched from Lithuanian infrastructure have resulted in the exfiltration of files from its systems, but no sensitive PII like customer names or payment details were accessed.

Cosmote was obliged by law to inform the data protection and communications confidentiality authority, and the latter has already formed a team of experts who visited the companies premises to conduct an investigation.

As it has been confirmed now, the following data has been accessed by hackers:

• Logs for calls made through cellular network
• Logs for calls received by mobile subscribers
• Phone numbers who communicated with the subscribers
• Dates, times, and duration of the calls
• Device type
• International Mobile Subscriber Identity (IMSI)
• Subscriber age
• Subscriber gender
• Average revenue per user (ARPU)
• Base station coordinates
• Mobile subscriber program

Cosmote mostly uses the above for network optimization and better service provision, but it could still be useful in the hands of scammers, phishing actors, and blackmailers. Many of these logs may contain information that the subscribers would want to keep private, so extortion is always a possibility even if one has “rough” data about the target.

Read More: “Panion” Social Media App Exposed User Location Data

For example, calling a particular number you weren’t supposed to or being somewhere you shouldn’t be can be determined by these logs, and while this will take some digging for malicious actors to exploit, they can always be used as a fuel for social engineering. That said, if you are a Cosmote customer, you should stay alert and handle incoming communications with extra care.

The Greek state fears that the hackers may use the base station location data to correlate numbers with key places and find out which ones belong to high-ranking state and army officials, government members, etc. This constitutes a matter of national safety, and so a lot was done in secrecy during these 40 days to mitigate the associated risks on the most critical levels.