Cyber Incident Victim: Yoigo
Date: Apr 2023
Location: Spain
Summary
The telecommunications provider Yoigo suffered a large-scale cyberattack that resulted in unauthorized access to its customers' personal data. The breach potentially exposed sensitive information, leading the company to warn clients of an increased risk of identity theft and phishing attempts. In response, the operator reinforced its technical security measures, modified its customer verification processes, and provided a dedicated contact number for those affected.
Description
On or around April 2, 2023, the Spanish telecommunications operator Yoigo, part of the MásMóvil Group, publicly disclosed it had experienced a large-scale cybersecurity incident. The company initiated contact with its customers to inform them that third parties external to the organization had potentially gained access to some of their personal data processed by Yoigo. The attack was executed with the objective of capturing sensitive information, which the attackers could then use to carry out identity usurpation attempts, commonly known as phishing. The company became aware that an intrusion into its databases had occurred, though the specific date of initial compromise was not publicly detailed in the immediate aftermath.

The primary impact of the incident was the confirmed access of sensitive personal customer data by the unauthorized actors. While the full scope and precise types of data exfiltrated were not exhaustively itemized in the initial communication, the breach was significant enough to warrant a widespread customer notification. The company's immediate concern centered on the risk of this information being misused for fraudulent activities. Yoigo explicitly warned its customers to be especially vigilant with emails, SMS messages, or phone calls received from seemingly known senders. The warning highlighted communications that requested information such as credit card details or customer area login credentials as particularly suspicious.

In response to the detected intrusion, Yoigo implemented several technical and procedural measures. The company reinforced its technical security systems to prevent a recurrence of the incident. From a customer management perspective, Yoigo modified the security information it requested during various processes. This change was a direct containment action designed to ensure that the criminals could not use the stolen information to gain further access to customer accounts or services. The company also stated it was vigilantly monitoring all its processes to detect any anomalies in line management and the contracting of new services, indicating an effort to identify any ongoing malicious activity using the compromised data.

Acknowledging the potential for customer inconvenience, Yoigo preemptively informed its user base that they might experience enhanced security checks during their interactions with the company in the subsequent days. The firm stated that customers might find its staff to be more insistent or that they might request additional verification steps to ensure the true identity of the account holder before proceeding with any management tasks. This was described as a necessary precaution to protect customers from further harm stemming from the initial data breach.

To address customer concerns and provide support, Yoigo established a dedicated communication channel. The company made available a freephone number, 900 622 434, with operating hours from Sunday to Monday, 9:00 a.m. to 9:00 p.m., to resolve any doubts related to the incident. Furthermore, Yoigo provided the email address for its Data Protection Officer as another point of contact for affected individuals. The company also directed its customers to external resources for additional support, specifically recommending that they contact the Instituto Nacional de Ciberseguridad (INCIBE) at the telephone number 017 to report the incident or seek guidance.

Yoigo's advisory included instructions for customers who might detect suspicious activity. The company urged users to report any suspected fraudulent movements to the police immediately. Furthermore, it strongly recommended that customers contact their banking entity without delay if they believed the criminals might have accessed financial data such as account numbers. This guidance was aimed at mitigating the secondary financial consequences that could arise from the theft of personal information, enabling rapid action to secure accounts and prevent monetary loss. The incident represented a significant breach at a major telecommunications provider, underscoring the persistent threat to entities holding vast amounts of personal customer data.
