Cyber Incident Victim: Docomo Pacific
Date:
Mar 2023
Location:
Guam
Summary
Docomo Pacific, the primary telecommunications provider in Guam and the Northern Mariana Islands, suffered a cyberattack affecting multiple servers, prompting immediate isolation and shutdown of compromised systems. While customer data, mobile, and fiber services remained secure, widespread phone and internet outages ensued, leading to substantial customer complaints via social media regarding service disruptions. Restoration efforts proceeded gradually, with partial service recoveries reported sporadically, though the company provided incomplete details on restored features or locations. Customers attempting to use mobile data tethering as a suggested workaround encountered difficulties due to concurrent mobile service outages. The organization faced heightened criticism over communication shortcomings, including the removal of a Facebook update inundated with user complaints, and did not specify a timeline for full service recovery.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Docomo Pacific, the largest telecommunications provider in Guam and the Northern Mariana Islands, experienced a multi-day service outage beginning on the evening of March 16, 2023, due to a cybersecurity incident. The company's CEO, Roderick Boss, confirmed on March 17 that servers had been attacked, prompting immediate activation of failsafe protocols by cybersecurity technicians. Technicians shut down affected servers and isolated the intrusion to contain the breach. The company stated customer data remained secure and core mobile network services and fiber infrastructure were unaffected, though significant service disruptions affected other systems. Customers across the territories reported widespread failures of phone service and internet connectivity through Friday and into the weekend, with many documenting outages on social media platforms.
Initial company communications on March 17 advised affected customers to tether devices to mobile data plans at no additional cost, but this guidance proved ineffective for users whose mobile voice services were simultaneously disrupted. By Saturday evening, the company tweeted that some services had been partially restored without specifying locations or service types. Docomo Pacific removed a Facebook update after facing criticism from frustrated customers in the comment section. As of Sunday evening, full restoration timelines remained unclear, and the company declined to confirm whether ransomware was involved in the attack. The incident impacted populations across both U.S. territories, affecting over 220,000 residents. This outage occurred amid heightened cybersecurity threats across Pacific island nations, including recent ransomware attacks against Tonga’s state telecom operator in February 2023, Guadeloupe’s systems in November 2022, and Vanuatu’s government networks – the latter having crippled parliamentary operations, emergency services, healthcare systems, and educational infrastructure. Docomo Pacific continued restoration efforts without providing further technical details about the attack vector or full recovery status.