European Telecommunications Standards Institute (ETSI) suffered a data breach

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users.

Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute (ETSI).

The European Telecommunications Standards Institute is an independent, not-for-profit organization based in Europe. The organization focuses on developing global standards for information and communications technology (ICT) and telecommunications, such as: GSM™, TETRA, 3G, 4G, 5G, DECT™.

ETSI plays a crucial role in ensuring interoperability, compatibility, and effective communication in the rapidly evolving field of telecommunications and digital technologies.

ETSI has more than 900 member organizations worldwide from 65 countries.

The French-based organization launched an investigation into the incident with the help of the French National Cybersecurity Agency (ANSSI).

“Following a cyberattack observed on ETSI portal, the IT system dedicated to its members’ work, the ETSI IT team worked in close collaboration with the French National Cybersecurity Agency (ANSSI) to investigate and repair the information systems. The vulnerability on which the attack was based has been fixed.” reads the data breach notification published by the European Telecommunications Standards Institute. “ETSI believes the database containing the list of their online users have been exfiltrated. Since the attack and under the guidance of ANSSI experts, ETSI has fixed the vulnerability, undertaken additional security actions and significantly strengthened its IT security procedures.” ù

In response to the incident, ETSI prompted its users to change their passwords. The organization also reported the incident to the French data protection authority (CNIL) as required by the General Data Protection Regulation (GDPR).

“Transparency is at the root of ETSI, in our governance and technical work. We have already proved to be quick to react and adapt to crises, Covid being one of them. The shutdown challenged our working procedures and IT systems and we managed to ensure business continuity for both our staff and our members whilst limiting the risks. They were able to keep working without disturbance during that period. For this new crisis, we are very grateful for the knowledge and advice of the experts from the French National Cybersecurity Agency (ANSSI), who have helped us to determine the remedial actions to be taken, and to strengthen the security of our systems,” says Luis Jorge Romero, ETSI Director-General.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, European Telecommunications Standards Institute)