Date: Sep 2020

Location: Greece

Summary

A cyber attack targeting Greece's largest mobile operator compromised thousands of customers' telecommunications metadata over a five-day period. The breach, which originated from a third country, likely Lithuania, exposed call records including phone numbers, timestamps, duration, device types, subscriber identifiers, demographic attributes, revenue metrics, base station coordinates, and service plans, though no names were included in the accessed data.

Description

The incident impacting Cosmote, Greece's largest mobile network operator, occurred between September 1 and September 5, 2020. Attackers accessed a file containing telecommunications metadata for thousands of customers during this five-day period. The compromised data included call records with phone numbers, dates, times, and durations of calls made or received, but did not contain customer names or surnames. Additional exposed information encompassed technical and demographic details: device types, International Mobile Subscriber Identity (IMSI) numbers, subscriber ages, genders, average revenue per user (ARPU) metrics, base station coordinates, and mobile tariff plan information. The breach originated through a third country, with Lithuania identified as the most likely source of the attack. Cosmote publicly disclosed the incident on October 16, 2020, approximately six weeks after the intrusion occurred.

The operator confirmed the attack exposed sensitive telecommunications metadata that could potentially reveal patterns of communication, device characteristics, and subscriber financial profiles through ARPU data. While personally identifiable names were not directly compromised, the combination of phone numbers with demographic and location information through base station coordinates created privacy risks. Cosmote did not specify the exact number of affected subscribers beyond referencing "thousands" of customers in its disclosure. The company provided no details regarding detection methods, containment procedures, or technical mitigation measures taken during or after the breach. No information was released about whether law enforcement investigations were initiated or if regulatory authorities were notified beyond the public statement. The disclosure emphasized the types of data exposed but did not address potential consequences for affected customers or operational impacts on Cosmote's network infrastructure.
