Cyber Incident Victim: Eir
Date:
Dec 2016
Location:
Ireland
Summary
A telecommunications provider experienced a security breach affecting broadband modems, compromising at least 2,000 devices through a computer virus. The incident involved vulnerabilities in specific Zyxel modem models distributed to customers. The company advised impacted users to immediately reset both modem administration and WiFi passwords to mitigate risks. Direct notifications were sent via physical mail and electronic communication detailing remediation steps. This breach exclusively targeted a limited subset of customer-premises equipment, prompting urgent credential updates across the affected user base.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around December 5, 2016, Irish telecommunications provider Eir disclosed a security breach affecting broadband customers using specific modem models. The incident involved unauthorized access to customer modems through a security vulnerability identified in Zyxel D100 and Zyxel P-660HN-T1A devices distributed by the company. Eir confirmed that a computer virus had compromised at least 2,000 modems, though the breach was described as affecting only a "limited number" of these devices. The vulnerability enabled attackers to gain administrative access to the modems, potentially compromising both device management controls and home network security. Eir initiated direct customer notifications through physical letters and emails advising immediate remedial actions.
The company's primary response involved instructing affected customers to reset both their modem administration passwords and WiFi passwords as urgent protective measures. Eir emphasized these steps as critical security precautions but did not disclose technical specifics about the virus or the exploitation method. No customer data theft or service disruption was explicitly reported in the available information. The incident response focused exclusively on mitigating risks through credential resets rather than modem replacements or firmware updates. Eir directed customers to a dedicated online resource for additional guidance but did not indicate whether third-party cybersecurity assistance was involved in the investigation or remediation. The breach remained confined to the two identified Zyxel modem models within Eir's customer base.