Frontier Communications shuts down systems after cyberattack

American telecom provider Frontier Communications is restoring systems after a cybercrime group breached some of its IT systems in a recent cyberattack.

Frontier is a leading U.S. communications provider that provides gigabit Internet speeds over a fiber-optic network to millions of consumers and businesses across 25 states.

After discovering the incident, the company was forced to partially shut down some systems to prevent the threat actors from laterally moving through the network, which also led to some operational disruptions.

Despite this, Frontier says the attackers could access some PII data, although it didn't disclose if it belonged to customers, employees, or both.

"On April 14, 2024, Frontier Communications Parent, Inc. [..] detected that a third party had gained unauthorized access to portions of its information technology environment," the company revealed in a filing with the U.S. Securities and Exchange Commission.

"Based on the Company's investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information."

If you have any information regarding this incident or any other undisclosed attacks, you can contact us confidentially via Signal at 646-961-3731 or at tips@bleepingcomputer.com.

Frontier now believes that it has contained the breach, has since restored its core IT systems affected during the incident, and is working on restoring normal business operations.

As BleepingComputer found, the company currently displays warnings on its website cautioning users that it's experiencing internal support technical issues and that "residential and business networks are not affected."



Frontier incident warning (BleepingComputer)



​Frontier's mobile apps are also down, with the same warning message being displayed after launching the application.

According to an internal memo, a network outage took down Frontier's wholesale sites on the morning of April 16 at around 7:30 AM ET, as well as the following applications and platforms:

• Virtual Front Office (VFO) Local (LSR/ISP) Module
• Virtual Front Office (VFO) Access (ASR) Module
• Virtual Front Office (VFO) Trouble Administration (TA) Module
• E-Bonded Applications - EDI, UOM, TML
• Customer Wholesale Portal (CWP)
• Wholesale Operations Website (https://wholesale.frontier.com)
• Wholesale Billing Online tools (CTS, CABS Portal, COBRA)

Despite the company's assurances, many customers have been reporting that their Internet connection has been down since and that support phone numbers are playing prerecorded messages instead of redirecting to a human operator.