A third-party vendor of a US-based telecommunications firm Charter Communications was hit with a security breach, exposing numerous customer data to hackers. The company discovered the issue after finding a post in an underground hacking forum from a threat actor claiming they obtained data from Charter Communications.
The hackers had allegedly acquired the telecom firm’s customer database. The number of customers said to have been involved in the breach is approximately 550,000, with sensitive information ranging from full names, addresses, and account numbers.
Aside from the customers’ databases, the threat actor said they also obtained the American telco firm’s repairs and sales information.
In a statement, Charter Communications said that a security protocol is underway in response to the discovered threat incident. They also learned that one of their third-party vendors was involved in a breach that impacted them.
Charter Communications assured that customer proprietary network information and financial data are safe from exposure.
The telco firm, however, did not disclose which third-party vendor was in question about the security incident. No other comment was also released concerning the hack’s date of occurrence and its scope.
A couple of weeks before the Charter Communications incident was reported, the Federal Communications Commission (FCC) discussed a proposal about potentially changing and enhancing breach notification rules for telecommunication firms.
The discussion transpired after the commission realised that its rules established over 15 years ago are no longer compatible with the needs of the present time. The agency added that these times, telecommunication carriers hold massive amounts of customer data, including personally identifiable information, which must be protected further.
FCC also mentioned in the proposal how several telco giants, such as Verizon, AT&T, and T-Mobile, had been a victim of cyberattacks, which heightens the need to improve existing rules to protect sensitive consumer data from threat actors.
Moreover, FCC’s proposal ultimately highlights that the sector needed to review its data breach reporting rules, aiming to protect people better, increase security measures, and lessen the impact of future security breaches.