Cyber Incident Victim: A1 Hrvatska
Date:
Feb 2022
Location:
Croatia
Summary
A Croatian telecommunications provider experienced a cybersecurity incident involving unauthorized access to a customer database, compromising personal data of approximately 10% of its client base. Exposed information included full names, physical addresses, national identification numbers, and phone numbers, though financial details and account credentials remained unaffected. The company immediately halted further unauthorized access, engaged forensic investigators to confirm the breach scope, and implemented enhanced protective measures. Law enforcement authorities received a criminal report and initiated an investigation, while relevant regulatory bodies were notified. Affected customers were directly notified, with the organization emphasizing no service disruptions occurred and asserting the incident's recurrence was prevented through security improvements.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A1 Hrvatska, a Croatian telecommunications provider, experienced a cybersecurity incident involving unauthorized access to one of its customer databases, disclosed on February 9, 2022. The breach exposed personal data of approximately 10% of its customer base, affecting roughly 200,000 individuals. Compromised information included full names, personal identification numbers (OIB), physical addresses, and telephone numbers. The company confirmed through computer forensic analysis that financial data—such as bank card details or online account credentials—remained secure, as these were not stored in the breached database. A1 Hrvatska detected signs of suspicious activity prompting immediate action to block further unauthorized access, though the initial intrusion vector was not publicly specified. The incident did not disrupt telecommunications services, indicating the breach was confined to data exfiltration rather than system-wide operational interference.
Following containment, A1 Hrvatska filed a criminal report with the Zagreb Police Department, initiating a law enforcement investigation to identify the perpetrators. The company also notified Croatia’s regulatory authorities, including the Croatian Regulatory Authority for Network Industries (HAKOM) and the Personal Data Protection Agency (AZOP), pledging full cooperation. Affected customers were directly informed of the exposure, with A1 establishing dedicated communication channels—a toll-free phone line and email address—for inquiries. The firm reiterated adherence to "highest security standards" while committing to additional investments in cybersecurity infrastructure, asserting the incident’s recurrence was "not possible." Although A1 is a strategic partner of Vodafone, which suffered a separate disruptive attack in Portugal days earlier, no conclusive link between the two incidents was established. Forensic reviews and log analyses continued post-disclosure to refine the scope of impacted data and reinforce system safeguards.