Frontier Communications is warning 750,000 customers that their information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation.

Frontier is a leading U.S. communications provider that provides gigabit Internet speeds over a fiber-optic network to millions of consumers and businesses across 25 states.

The telecommunications provider says it suffered a cyberattack in mid-April 2024, allowing hackers to access customers' personal information stored on its systems. 

"On April 14, 2024, we detected unauthorized access to some of our internal IT systems," reads the data breach notification sent to impacted customers.

"Our investigation identified your personal information among the data affected by this incident."

The sample of the notice submitted to the Office of the Maine AG has censored the types of data exposed in this incident, but full names and Social Security Numbers (SSNs) were confirmed as breached for 751895 customers.

The telco clarifies that no customer financial information was exposed due to this breach.

Frontier says it has informed the regulatory authorities about the security breach and implemented additional measures to strengthen its network security. Investigations on the incident's impact are currently underway.

The company enclosed instructions on enrolling in one year of free credit monitoring and identity theft services through Kroll, which impacted clients are recommended to take up as soon as possible.

While Frontier did not share many details about the incident in their notification, at the time, the company was forced to shut down some of its systems to contain the attack and prevent it from impacting other devices on the network.

Many customers also reported that their Internet connection had been down during the attack, with the support phone numbers playing prerecorded messages instead of redirecting to a human operator.

RansomHub claimed the attack

These data breach notifications come after the RansomHub extortion group claimed responsibility earlier this week for the attack on Frontier.

On Tuesday, June 4, RansomHub added Frontier Communications to its extortion portal on the dark web, threatening to leak 5GB of data allegedly stolen during the attack, containing the information of 2 million customers.

A screenshot (redacted below) contains customer information, such as full name, date of birth, physical address, social security number, email address, subscription status, and service notes. 

The threat actors have given Frontier until June 14 to respond to their demands, or they will sell the data to a single buyer, the highest bidder.

If you are a Frontier customer, it is advisable to treat unsolicited communications with caution, refrain from sharing information with people you don't know, reset your account passwords, and monitor bank statements.

RansomHub was recently exposed as a likely buyer of the Knight ransomware source code, but they rarely use encryption in their attacks, typically limiting the scope to data-theft-based extortion.

In the case of Frontier Communications, there's no mention of encryption or reports about service outages apart from those linked to the containment measures in mid-April.