Frontier Communications shuts down systems after cyberattack

​American telecom provider Frontier Communications is restoring systems after a cybercrime group breached some of its IT systems in a recent cyberattack.

Frontier is a leading U.S. communications provider that provides gigabit Internet speeds over a fiber-optic network to millions of consumers and businesses across 25 states.

After discovering the incident, the company was forced to partially shut down its systems to prevent the threat actors from laterally moving through the network, which also led to some operational disruptions.

Despite this, Frontier says the attackers could access some PII data, although it didn't share if it belonged to customers, employees, or both.

"On April 14, 2024, Frontier Communications Parent, Inc. [..] detected that a third party had gained unauthorized access to portions of its information technology environment," the company revealed in a filing with the U.S. Securities and Exchange Commission on Thursday.

"Based on the Company's investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information."

If you have any information regarding this incident or any other undisclosed attacks, you can contact us confidentially via Signal at 646-961-3731 or at tips@bleepingcomputer.com.

Frontier now believes that it has contained the breach, has since restored its core IT systems affected during the incident, and is working on restoring normal business operations.

As BleepingComputer found, the company currently displays warnings on its website cautioning users that it's experiencing internal support technical issues and that "residential and business networks are not affected."

​Frontier's mobile apps are also down, with the same warning message being displayed after launching the application.

According to an internal memo, a network outage took down Frontier's wholesale sites on Tuesday morning at around 7:30 AM ET, as well as the following applications and platforms:

Virtual Front Office (VFO) Local (LSR/ISP) Module Virtual Front Office (VFO) Access (ASR) Module Virtual Front Office (VFO) Trouble Administration (TA) Module E-Bonded Applications - EDI, UOM, TML Customer Wholesale Portal (CWP) Wholesale Operations Website (https://wholesale.frontier.com) Wholesale Billing Online tools (CTS, CABS Portal, COBRA)

Despite the company's assurances, many customers have been reporting that their Internet connection has been down since and that support phone numbers are playing prerecorded messages instead of redirecting to a human operator.

"The Company continues to investigate the incident, has engaged cybersecurity experts, and has notified law enforcement authorities," Frontier added in the SEC filing.

"The Company does not believe the incident is reasonably likely to materially impact the Company’s financial condition or results of operations."

A Frontier spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.