European Telecommunications Standards Institute (ETSI) suffered a data breach

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users.

Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute (ETSI).

The European Telecommunications Standards Institute is an independent, not-for-profit organization based in Europe. The organization focuses on developing global standards for information and communications technology (ICT) and telecommunications, such as: GSM™, TETRA, 3G, 4G, 5G, DECT™.

ETSI plays a crucial role in ensuring interoperability, compatibility, and effective communication in the rapidly evolving field of telecommunications and digital technologies.

ETSI has more than 900 member organizations worldwide from 65 countries.

The French-based organization launched an investigation into the incident with the help of the French National Cybersecurity Agency (ANSSI).

“Following a cyberattack observed on ETSI portal, the IT system dedicated to its members’ work, the ETSI IT team worked in close collaboration with the French National Cybersecurity Agency (ANSSI) to investigate and repair the information systems. The vulnerability on which the attack was based has been fixed.” reads the data breach notification published by the European Telecommunications Standards Institute. “ETSI believes the database containing the list of their online users have been exfiltrated. Since the attack and under the guidance of ANSSI experts, ETSI has fixed the vulnerability, undertaken additional security actions and significantly strengthened its IT security procedures.” ù

In response to the incident, ETSI prompted its users to change their passwords. The organization also reported the incident to the French data protection authority (CNIL) as required by the General Data Protection Regulation (GDPR).

“Transparency is at the root of ETSI, in our governance and technical work. We have already proved to be quick to react and adapt to crises, Covid being one of them. The shutdown challenged our working procedures and IT systems and we managed to ensure business continuity for both our staff and our members whilst limiting the risks. They were able to keep working without disturbance during that period. For this new crisis, we are very grateful for the knowledge and advice of the experts from the French National Cybersecurity Agency (ANSSI), who have helped us to determine the remedial actions to be taken, and to strengthen the security of our systems,” says Luis Jorge Romero, ETSI Director-General.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, European Telecommunications Standards Institute)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.