Cyber Incident Victim: Lumen Technologies
Date: Mar 2023
Location: United States of America
Summary
Lumen Technologies experienced two separate cybersecurity intrusions, including a ransomware attack impacting servers supporting a segmented hosting service, causing operational degradation for a small number of enterprise customers. A distinct incident involved unauthorized access to internal IT systems, leading to malware installation and theft of a limited amount of unspecified data. The company, which operates in over 60 countries, discovered the intrusions after deploying enhanced security measures and notified law enforcement and affected customers while engaging forensic firms for investigation and containment. It assessed that the incidents would not materially impact its operations.
Description
On March 27, 2023, multibillion-dollar telecommunications firm Lumen Technologies disclosed two distinct cybersecurity intrusions in a regulatory filing with the U.S. Securities and Exchange Commission. The first incident involved a ransomware attack detected during the preceding week when a malicious actor inserted malware into a limited number of servers supporting the company's segmented hosting service. This compromise caused operational degradation for a small subset of Lumen's enterprise customers, though the organization did not specify the ransomware variant used, the full scope of affected systems, or potential attribution to a known threat group. In a separate intrusion unrelated to the ransomware event, an attacker gained access to Lumen's internal information technology infrastructure, deploying malware that enabled the exfiltration of a "relatively limited amount of data." The company did not disclose the nature of this stolen information or specify when either intrusion initially occurred, though discovery followed implementation of enhanced security monitoring software.

Lumen engaged external forensic specialists to investigate both incidents while coordinating with law enforcement agencies and directly notifying impacted customers. The organization stated its analysis indicated neither event would materially affect its financial position or operational capabilities, though the ransomware incident continued to cause service disruptions for certain enterprise clients at the time of disclosure. Based in Monroe, Louisiana, the telecommunications provider—formerly known as CenturyLink—delivers networking, cloud, security, and communication services to business customers across more than 60 countries. Market reaction appeared neutral following the disclosure, with Lumen's stock price rising approximately 5% on the day of the SEC filing, reflecting a market capitalization of $2.5 billion. The company maintained operational continuity for the majority of its systems and customer base throughout both security events.
