Colt Technology Services, a multinational telecommunications provider, experienced a **cyber incident** that disrupted its **customer portal (Colt Online) and Voice API platform** for multiple days starting **August 12, 2024**. The attack targeted an **internal system**, separate from customer-facing infrastructure, with **no confirmed compromise of customer or employee data**. However, the incident forced Colt to **proactively take systems offline**, causing service outages and forcing customers to rely on email or phone support instead of online tools. Investigations suggested potential exploitation of **SharePoint servers**, with indicators of **webshell implants** and suspicious IP activity linked to cybercriminals. Firewall protections were urgently deployed across Colt’s EU infrastructure. While the company assured authorities and customers of containment measures, the **prolonged disruption**—including the unavailability of critical platforms—highlighted operational vulnerabilities. Colt’s response involved **third-party cybersecurity experts** and round-the-clock restoration efforts, though full recovery remained pending as of the latest updates. The financial or reputational fallout was not quantified, but the incident underscored risks to **business continuity** and **customer trust** in a sector reliant on uninterrupted digital services.
Source: https://www.theregister.com/2025/08/15/london_telco_colts_services_disrupted/
TPRM report: https://www.rankiteo.com/company/colt-technology-services
"id": "col151081525",
"linkid": "colt-technology-services",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Unknown (customers advised to '
'use alternative support '
'channels)',
'industry': 'Telecommunications',
'location': ['London, UK (HQ)',
'Operations in 40 countries and 230 '
'cities across EMEA, Asia, and North '
'America'],
'name': 'Colt Technology Services',
'size': ['32,000 buildings served',
'Historically over 15,000 customers (early '
'2000s)',
'Acquired Lumen EMEA in 2023 for $1.8 '
'billion'],
'type': 'Multinational Telecommunications Company'}],
'attack_vector': ['Unknown (suspected SharePoint exploitation)',
'Possible webshell implantation'],
'customer_advisories': ['Use email or phone for support in lieu of online '
'portal'],
'data_breach': {'data_exfiltration': 'No evidence',
'number_of_records_exposed': '0 (no evidence of improper '
'access)',
'personally_identifiable_information': 'No evidence of '
'compromise',
'type_of_data_compromised': 'None confirmed'},
'date_detected': '2024-08-12',
'date_publicly_disclosed': '2024-08-12',
'description': 'Multinational telco Colt Technology Services experienced a '
'cyber incident that led to the disruption of its customer '
'portal (Colt Online) and Voice API platform, among other '
'internal systems. The attack began on August 12, 2024, with '
'no evidence of customer or employee data being improperly '
'accessed. Colt took protective measures, including taking '
'some systems offline, and is working with third-party cyber '
'experts to restore services. Investigations suggest potential '
'exploitation of SharePoint servers, with webshells possibly '
'implanted. Firewall protections were added to EU '
'infrastructure on the day the incident was announced.',
'impact': {'brand_reputation_impact': ['Potential reputational damage due to '
'prolonged service disruption'],
'customer_complaints': ['Frustration reported due to inability to '
'use systems like Colt Online'],
'data_compromised': 'No evidence of customer or employee data '
'being improperly accessed',
'downtime': ['Ongoing as of August 16, 2024 (at least 4 days)',
'Customer portal and Voice API platform remain '
'offline'],
'identity_theft_risk': 'None reported (no evidence of data access)',
'operational_impact': ['Disruption of support services',
'Customers advised to use email or phone '
'for support',
'Technical teams working around the clock '
'for restoration'],
'payment_information_risk': 'None reported',
'systems_affected': ['Colt Online (customer portal)',
'Voice API platform',
'Internal systems (separate from '
'customer-supporting systems)']},
'initial_access_broker': {'backdoors_established': ['Possible webshells '
'implanted (unconfirmed)'],
'entry_point': ['Potential SharePoint servers '
'(suspected)']},
'investigation_status': 'Ongoing (as of August 16, 2024)',
'references': [{'date_accessed': '2024-08-16',
'source': 'The Register',
'url': 'https://www.theregister.com/2024/08/16/colt_technology_cyber_incident/'},
{'date_accessed': '2024-08-16',
'source': 'Colt Technology Services Status Page'},
{'date_accessed': '2024-08-16',
'source': 'Kevin Beaumont (Infosec Watcher) via Shodan '
'Scans'}],
'regulatory_compliance': {'regulatory_notifications': ['Relevant authorities '
'proactively '
'notified']},
'response': {'communication_strategy': ['Public statements via The Register '
'and status page updates',
'Customer advisories to use '
'email/phone support'],
'containment_measures': ['Systems taken offline proactively',
'Firewall protections added to EU '
'infrastructure'],
'incident_response_plan_activated': True,
'recovery_measures': ['Around-the-clock efforts to restore Colt '
'Online and Voice API platform'],
'remediation_measures': ['Technical teams working to restore '
'affected systems'],
'third_party_assistance': ['Cybersecurity experts engaged']},
'stakeholder_advisories': ['Public statements issued',
'Customers advised to use alternative support '
'channels'],
'title': 'Cyber Incident at Colt Technology Services Disrupts Customer Portal '
'and Voice API Platform',
'type': ['Cyberattack', 'Service Disruption', 'Potential Unauthorized Access'],
'vulnerability_exploited': ['Potential SharePoint vulnerability '
'(unconfirmed)']}