Frontier has notified approximately 750,000 of its customers of a data breach conducted by a ransomware group in April. These types of hacks seem to be commonplace for large companies, as we seem to be reporting on something like this happening every other day.
What makes the Frontier hack particularly concerning, though, is that customers' full names and Social Security numbers were stolen, as reported by Bleeping Computer. The hackers also claim to have even more information on Frontier's customers, though having the Social Security numbers is about as bad as it gets.
According to the letter Frontier submitted to the Office of the Maine Attorney General and sent to affected customers, the attack allowed hackers to access 751,895 people’s personal data on the company's systems in total. Frontier is offering those with information in the attack one year of free credit monitoring and identity theft services, which is a small consolation for those who had their Social Security numbers and other personal data stolen. Still, at least it allows the customers to see if their stolen data is being used for anything malicious.
The attack allowed hackers to access 751,895 people’s personal data on the company's systems in total.
A ransomware group executed the hack, and it is threatening to release the information on all the customers unless Frontier receives money. The hackers say they'll release all of the information if they're not paid by June 14, which is right around the corner.
The group actually accepted responsibility for the attack on June 4. They claim to have information on more than two million customers, which is more than double the number Frontier officially notified and included in its statement. They claim the full dataset includes each customer's full name, physical address, date of birth, social security number, email address, credit score and phone number.
Since the attack, Frontier claims to have bolstered its network security and notified regulatory authorities and law enforcement. According to a securities filing, the company was forced to shut down some of its systems to contain the incident. The company hasn't said whether it intends to meet the hackers' demands or how much money the ransomware group is demanding.
