A data breach has been discovered by the European Telecommunications Standards Institute (ETSI), wherein hackers gained access to a database containing a list of portal users. The incident was made public by ETSI last week. The motive behind the attack remains unclear, as it is still uncertain whether the hackers were after financial gain or if they intended to use the user list for espionage purposes.
ETSI is an independent, non-profit organization based in Europe. Its main focus is on developing international standards for information and communications technology (ICT) and telecommunications, including technologies like GSM, 3G, 4G, and 5G. In the rapidly evolving world of telecommunications and digital technologies, ETSI plays a crucial role in ensuring interoperability, compatibility, and efficient communication. It boasts over 900 organizations from 65 different countries as its members.
The French National Cybersecurity Agency (ANSSI) collaborated with the French-based ETSI in investigating the breach. ANSSI, along with ETSI’s IT team, worked together to analyze and resolve the issues within the information systems after the cyberattack was detected on the ETSI portal, which is dedicated to the work of its members. The ETSI stated that the vulnerability exploited in the attack has been patched.
According to the ETSI’s data breach notification, it believes that the database containing the list of online users has been exfiltrated. In response to the attack and under the guidance of ANSSI experts, ETSI has taken additional security measures and significantly strengthened its IT security procedures. While the company declined to comment on whether the vulnerability was known or unknown at the time of the attack, it has urged all online users to change their passwords as a precautionary measure. However, it remains unclear if user credentials were included in the stolen information.
Luis Jorge Romero, the Director-General of ETSI, referred to the attack as a “crisis” in a statement posted on the organization’s website. He expressed gratitude towards ANSSI for their assistance in determining the necessary remedial actions and enhancing the security of their systems. Romero emphasized the importance of transparency, stating that it lies at the core of ETSI’s governance and technical work.
Upon discovering the breach, ETSI promptly notified the French data protection authority, and a judicial inquiry is currently underway. This inquiry represents the investigative stage of criminal proceedings in France. ETSI is fully cooperating with the authorities in their investigation.
In conclusion, the European Telecommunications Standards Institute has suffered a data breach, exposing a database containing the list of its portal users. The motive behind the attack remains unclear. ETSI, along with the assistance of the French National Cybersecurity Agency, has taken immediate steps to investigate and resolve the issues. Furthermore, they have strengthened their IT security procedures and notified the relevant authorities. ETSI is committed to maintaining transparency and maintaining the highest level of security for its systems.