Cyber Incident Victim: Cosmote
Date: Sep 2020
Location: Greece
Summary
A major Greek telecommunications provider experienced a cybersecurity incident in which attackers accessed customer call records over a five-day period. The breach originated through a third-party system, likely based in Lithuania, compromising metadata including phone numbers, call timestamps, duration, device specifications, subscriber identifiers, demographic information, revenue metrics, location coordinates, and service plans, though customer names were not exposed. This unauthorized access impacted thousands of subscribers' telecommunications activity data.
Description
In early September 2020, Cosmote, Greece’s largest mobile network operator, experienced a cyber attack that compromised customer data over a five-day period from September 1 to September 5. The breach involved unauthorized access to telecommunications records through an intrusion traced to a third country, with Lithuania identified as the most likely origin point. Attackers exfiltrated a file containing granular call detail records and subscriber information from Cosmote’s systems. The company publicly disclosed the incident on October 16, 2020, confirming the exposure of thousands of customers’ data but emphasizing that names and surnames were not included in the compromised dataset. The intrusion timeline and geographic attribution were confirmed during Cosmote’s investigation, though specific technical vectors used by the attackers remained undisclosed.

The breached file contained multiple categories of sensitive subscriber information, including telephone numbers, dates, times, and durations of calls made or received during the attack window. Additionally, it exposed device types, International Mobile Subscriber Identity (IMSI) numbers, demographic attributes such as age and gender, and commercial metrics like Average Revenue Per User (ARPU). The dataset also incorporated network infrastructure details through base station coordinates and specifics about subscribers’ mobile tariff plans. While the absence of direct personal identifiers mitigated immediate identity theft risks, the combination of technical and behavioral metadata created significant privacy concerns due to potential profiling capabilities. Cosmote did not report whether the data appeared in illicit forums or whether regulatory penalties resulted from the breach, focusing its communication on the factual scope of the exposure as verified through internal forensic analysis.
