Cosmote Suffered a Data Breach but Kept It Secret for Over a Month

Published on October 17, 2020
Written by: Bill Toulas, Infosec Writer

Cosmote, the largest mobile network operator in Greece, has suffered a catastrophic data breach that took place between September 1 and 5, 2020. The telco realized this on September 9, 2020, and has opted to keep the event secret until now to investigate the impact it had on its customers and services.

As the company confirms now, remote file inclusion (RFI) attacks that were launched from Lithuanian infrastructure have resulted in the exfiltration of files from its systems, but no sensitive PII like customer names or payment details was accessed.

Cosmote was obliged by law to inform the data protection and communications confidentiality authority, and the latter has already formed a team of experts who visited the company's premises to conduct an investigation.

As it has been confirmed now, the following data has been accessed by hackers:

Cosmote mostly uses the above for network optimization and better service provision, but it could still be useful in the hands of scammers, phishing actors, and blackmailers. Many of these logs may contain information that the subscribers would want to keep private, so extortion is always a possibility even if one has “rough” data about the target.


For example, calling a particular number you weren’t supposed to or being somewhere you shouldn’t be can be determined by these logs, and while this will take some digging for malicious actors to exploit, they can always be used as fuel for social engineering. That said, if you are a Cosmote customer, you should stay alert and handle incoming communications with extra care.

The Greek state fears that the hackers may use the base station location data to correlate numbers with key places and find out which ones belong to high-ranking state and army officials, government members, etc. This constitutes a matter of national safety, and so a lot was done in secrecy during these 40 days to mitigate the associated risks on the most critical levels.


