Cyber Incident Victim: Aerial Direct

On or around February 26, 2020, an unauthorized third party accessed customer data stored in an external backup database managed by Aerial Direct, a major UK business communications partner of mobile network O2. The breach involved personal information from both current and former subscribers spanning the previous six years. Compromised data included names, dates of birth, business addresses, email addresses, phone numbers, and product information, though the company confirmed no passwords or financial details were exfiltrated. Aerial Direct detected the incident promptly and terminated system access to contain the intrusion. The organization initiated a comprehensive investigation with external cybersecurity experts to determine the attack's scope and methodology. It formally reported the breach to the UK Information Commissioner's Office (ICO) in compliance with regulatory obligations.

Aerial Direct, headquartered in Fareham, England, served over 130,000 business customers as O2's largest direct UK partner at the time, providing mobile, fixed-line, broadband, and conferencing services. The company established a dedicated support webpage advising affected customers to change account passwords and monitor financial statements for suspicious activity, recommending direct contact with banks if irregularities were detected. Its 2018 financial filings showed annual revenues of £21.6 million with £6.9 million in EBITDA, indicating its substantial market presence. The breach notification emphasized ongoing efforts to analyze the attack vector while maintaining operational continuity for client services. No additional technical details regarding the backup system's architecture or the attackers' entry method were disclosed publicly.