The European Telecommunications Standards Institute (ETSI), an independent organization that develops global standards for information and communications technology (ICT) and telecommunications, has disclosed a recent cyber attack that led to a security breach. The ETSI, which has over 900 member organizations from 65 countries, stated that threat actors managed to exfiltrate a database containing a list of their portal users.
The French-based organization swiftly launched an investigation into the incident with support from the French National Cybersecurity Agency (ANSSI). The ETSI further added that the infrastructure vulnerability which facilitated the attack has been fixed.
Urgent Security Measures & Investigations Initiated
The ETSI's IT team worked in collaboration with ANSSI to investigate and repair the compromised information systems. This collaboration has led to significant reinforcement of ETSI's IT security procedures.
As a counteractive measure, ETSI prompted its users to change their passwords to safeguard their accounts. The organization has also fulfilled its GDPR obligations by reporting the incident to the French data protection authority (CNIL).
Assurance and Transparency from ETSI
The ETSI assured portal users and the public of its dedication to overcoming crises and enhancing working procedures in the face of challenges. The organization reiterated this dedication was demonstrated during the COVID-19 pandemic; when its staff and members were able to work without interruptions, and risks were effectively mitigated.
Luis Jorge Romero, ETSI Director-General, stated that prompt action and transparency constitute ETSI's underpinning philosophy, appreciating the expertise received from ANSSI throughout the remedial process. ETSI's tactical approach to dealing with this cyberattack emphasizes the need for continuous vigilance and risk mitigation strategies in the digital space.
Regulators Taking a Stance on Data Breaches
There are increasing signs that regulators are seeking to shore up government systems from breach. This week in the UK, the Information Commissioner's Office (ICO) has issued a directive for immediate cessation of Microsoft Excel spreadsheet usage to publish Freedom of Information (FOI) data.
In light of the recent breaches involving the Police Service of Northern Ireland and Norfolk and Suffolk police constabularies, the ICO urges the use of alternative methods to mitigate personal data risk. These breaches led to the accidental exposure of confidential information stored within spreadsheets in response to FOI requests.