Cyber-breach at Frontier Communications exposes personal data of approximately 751,000 individuals.
In a disturbing turn of events, Frontier Communications, a major provider of phone and internet services based in Dallas, Texas, disclosed a cyberattack in April 2023. The incident exposed personal data of over 751,000 people, as reported to the Maine Attorney General.
The attack led to a disruption of Frontier Communications' operations, which could be deemed material, as stated in an April filing with the Securities and Exchange Commission. However, the company stated they did not expect the attack to have a material impact on their financial results.
The Role of CISOs in Understanding Corporate Risk
As corporate stakeholders grapple with the aftermath of such incidents, the evolving role of Chief Information Security Officers (CISOs) becomes increasingly important. CISOs help stakeholders understand the risk calculus of their technology stacks and answer the question of whether they are potential targets.
RansomHub: A Prominent Ransomware Actor
The cyberattack on Frontier Communications is suspected to have been carried out by a cybercrime group, but recent data does not confirm direct involvement of the RansomHub ransomware group in this specific incident. RansomHub, a rebranded version of Knight ransomware, as stated in Symantec's report, was a highly prolific ransomware operator active through 2024 and into early 2025.
Known for exploiting vulnerabilities to gain initial access and using double extortion tactics, RansomHub claimed about 45 victims from early February through the end of April, with 13 being in the U.S., according to an analysis by Forescout. Researchers from Forescout linked RansomHub to the Change Healthcare attack, which caused significant disruption to hospitals and prescription drug access across the U.S.
However, RansomHub ceased operations entirely at the beginning of April 2025, with its infrastructure going offline. Following this shutdown, many of its affiliates migrated to other ransomware-as-a-service (RaaS) groups such as DragonForce and LockBit.
Alleged Stolen Data and Larger Cache Claim
Brett Callow, a threat analyst at Emsisoft, posted screenshots of allegedly stolen data from the attack on the social media platform X. RansomHub claimed to have a larger cache of personal data from the Frontier Communications attack, according to Callow.
Despite numerous attempts, officials from Frontier Communications were not immediately available for comment.
As corporate stakeholders continue to grapple with the increasing threat of cyberattacks, understanding the risk calculus of their technology stacks and identifying potential targets remains a critical priority.
The cyberattack on Frontier Communications could potentially be attributed to a cybercrime group, with rumors circulating about the RansomHub ransomware group's involvement. As CISOs play a crucial role in understanding the risk calculus of technology stacks, they are instrumental in determining whether such incidents make a company a potential target. Moreover, RansomHub, a reknowned ransomware actor, was allegedly in possession of a larger cache of personal data stolen from Frontier Communications, as claimed by Brett Callow, a threat analyst.
