Cyber Incident Victim: Intrado

On December 1, 2022, the Royal Ransomware gang claimed responsibility for a cyberattack against telecommunications provider Intrado, alleging data theft and demanding a $60 million ransom. The group, described as operating without affiliates and composed of experienced threat actors, stated it had exfiltrated internal documents, passports, and employee driver’s licenses from Intrado’s systems. To substantiate the breach, Royal shared a 52.8 MB archive containing scans of passports, business documents, and driver’s licenses on their data leak site, though no full data dump had been published at the time of reporting. Intrado did not publicly confirm the attack or respond to repeated requests for comment from BleepingComputer. The incident coincided with a widespread outage impacting all Intrado services, including Unified Communication Services, Healthcare, and Unified Communications as a Service (UCaaS), which the company initially attributed to an "internal network issue" on December 1. During the outage, Intrado advised customers to contact support via email or chat due to phone service disruptions.

The U.S. Department of Health & Human Services (HHS) confirmed on December 2 that the Intrado network outage had been addressed but criticized the phone service disruption as "unacceptable" and stated an investigation into the root cause was ongoing. Intrado restored most services following the outage but reported intermittent issues with healthcare notifications as late as December 21. The company, which provides services to approximately 82% of Fortune 500 companies and manages 20 billion annual telephony minutes, had previously settled with the U.S. Federal Communications Commission for $1,750,000 in 2021 over failures to deliver 911 calls and notify authorities during an earlier outage. Royal Ransomware’s threats to leak stolen data aligned with common extortion tactics, though the full impact of the breach remained unverified due to Intrado’s lack of public disclosure.