Cyber Incident Victim: Magnet+
Date:
Apr 2024
Location:
Ireland
Summary
Magnet+ is investigating a potential cyber attack that may have compromised employee and customer personal data, including names, addresses, financial details, and service information. The company isolated affected back-office systems, preventing service disruptions, and notified impacted individuals while engaging cybersecurity experts and regulators to assess potential data exposure despite no current evidence of unauthorized access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 8, 2024, Magnet+ detected a potential cyber attack through its internal IT security systems, prompting an immediate investigation into a possible breach of its back-office infrastructure. The company disconnected all potentially compromised servers from its network to halt further unauthorized access, confirming that its telecommunications network and customer services remained fully operational throughout the incident. Impacted servers contained sensitive personal data of both employees and customers, including staff names, addresses, bank details, and employment-related information, as well as business and residential customer names, postal addresses, email addresses, telephone numbers, and service details. Magnet+ notified affected individuals—current and former employees, along with customers—whose data was at risk, adhering to Data Protection Commission (DPC) requirements and legal obligations under GDPR and SI 336 of 2011. The company emphasized there was no evidence confirming unauthorized third-party access to data but issued precautionary advisories to those impacted, urging vigilance against phishing attempts, spam, and unsolicited communications. Affected parties were instructed to change passwords reused across other platforms, including social media and banking apps, and to report suspicious financial activity to their banks or pension providers.
Magnet+ engaged third-party forensic and cybersecurity specialists to investigate the scope of the incident and determine whether data exfiltration occurred. The DPC confirmed it was notified of the potential breach and collaborated with the company to assess compliance with data protection regulations. Internal communications reviewed by The Irish Times detailed the company’s directives to staff regarding financial monitoring and credential security. No specifics on the number of affected individuals or the attack’s origin were disclosed, though Magnet+ confirmed all disconnected back-office systems were restored to full functionality. The incident did not disrupt the company’s core telecommunications services, which continued uninterrupted for residential, business, and enterprise clients across Ireland, Europe, and the US. Magnet+, rebranded in 2021 after Speed Fibre Group merged AirSpeed Telecom with the former Magnet Networks, maintained its focus on resolving the breach’s aftermath while coordinating with law enforcement and regulatory authorities.