An unknown cybercrime group disrupted Frontier Communications’ operations, according to an 8-K filing the company made with the U.S. Security and Exchange Commission (SEC).
Was the incident material? While the company's 8-K report indicated that it had to shut down some systems, resulting in an “operational disruption that could be considered material,” Frontier said that it does not believe the incident is likely to materially impact its financial condition or results of operations.
The SEC put in place new rules in December 2023 requiring companies to disclose security incidents in an 8-K document within four business days.
The requirement also calls for businesses disclose on an annual basis “material” information regarding their cybersecurity risk management, strategy and governance to better inform investors.
The Frontier Cybersecurity Incident Details
Frontier said in its 8-K that it “detected that a third party had gained unauthorized access to portions of its information technology environment.” Upon detection, Frontier Communications initiated its previously established cyber incident response protocols and took measures to contain the incident.
The company subsequently shut down some systems, resulting in an operational disruption. Based on the its investigation, Frontier determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information.
Frontier believes it has contained the incident and has restored its core information technology environment and is in the process of restoring normal business operations, it said in its 8-K filing.
Frontier said in the filing that it continues to investigate the incident, has engaged cybersecurity experts and has notified law enforcement authorities.
As of April 24, Frontier Communications’ website appeared to be functioning normally. Frontier is a Fortune 500 company and one of the nation’s largest telecommunications companies, according to its website. Incorporated in 1935, Frontier owns and operates an expansive fiber network reaching 25 US states and is a provider of internet, TV and phone services.
Cequence Security Offers Expert Analysis
Jason Kent, Hacker in Residence for Cequence Security, an API security specialist, said that now that the SEC is requiring material filings for cyber incidents, it offers a window about what really is happening to corporations on a daily basis.
“As they (Frontier Communications) shut their systems down, it looks like possibly an auth system attack,” Kent said. “They learned that some customer data, including PII (personally identifiable information), had been lost. This points out the real need for transaction-by-transaction vetting and accounting no matter the scale or speed of the system utilization.”
Kent advised that all organizations should be watching for every transaction that enters their systems, have a good way to detect possible lateral movement within their environments and be able to lock down an intrusion quickly.
“Frontier is fighting a tough game,” he said. “Hopefully, they will disclose the initial breach methodology so we all can tighten up our posture and learn from this attack."
