Cyber Incident Victim: Bandwidth.com
Date:
Sep 2021
Location:
United States of America
Summary
Bandwidth.com suffered a distributed denial-of-service (DDoS) attack disrupting its voice-over-IP services, causing widespread outages affecting voice calls, messaging, Enhanced 911 functionality, and customer portal access. The incident impacted numerous downstream VoIP providers, including Twilio and RingCentral, with intermittent service restoration followed by renewed attacks after a brief pause—consistent with threat actors potentially leveraging extortion tactics. The company confirmed the DDoS origin, mitigated significant harm, and maintained continuous remediation efforts while acknowledging severe operational consequences for clients reliant on its mission-critical communications infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Bandwidth.com, a prominent voice over Internet Protocol (VoIP) provider serving businesses and resellers, began experiencing service disruptions on September 25, 2021, at 3:31 PM EST. The company initially reported unexpected failures affecting voice and messaging services through its status page, activating all teams to investigate the incident. Over subsequent days, the outages expanded to impact Enhanced 911 (E911) services, messaging systems, and customer portal access. As Bandwidth serves as a critical infrastructure provider for numerous VoIP companies, the incident triggered widespread service impairments across the telecommunications sector. Multiple downstream providers including Twilio, Accent, DialPad, Phone.com, and RingCentral reported outages, with some explicitly attributing disruptions to Bandwidth's issues while others referenced problems with an unspecified upstream provider. Accent's status page warned customers to prepare for potential inbound service impairments over a 12-16 hour window due to concerns about recurring attacks.
Bandwidth temporarily restored services by the evening of September 27, though the resolution's cause remained unclear—with no confirmation whether attackers ceased operations or received extortion payments. The reprieve proved short-lived as distributed denial of service (DDoS) attacks resumed on Tuesday morning. Bandwidth subsequently confirmed the outages resulted from a "rolling DDoS attack" targeting their infrastructure and other communications providers, acknowledging significant customer impacts while detailing ongoing mitigation efforts. The company maintained continuous status updates through its portal and committed to around-the-clock response operations until fully resolving the incident and implementing future protections. Service restoration benchmarks included maintaining normal operations for 72 consecutive hours before considering the incident resolved, reflecting the persistent threat of recurrent attacks during the mitigation period.