The European Telecommunications Standards Institute (ETSI) faced a cyberattack that allowed hackers to exfiltrate a database containing a list of online users, the organization announced.
ETSI is a recognized regional standards body dealing with telecommunications, broadcasting, and other electronic communications networks and services. It supports European regulations and legislation through the creation of Harmonised European Standards.
During the cyberattack, the ETSI portal and IT system dedicated to its members’ work were affected.
Based in Sophia Antipolis, a technology park in southeast France, the ESTI IT team collaborated with the French National Cybersecurity Agency (ANSSI) to investigate and repair the information systems.
While the vulnerability on which the attack was based has been fixed, ETSI believes that the database containing a list of its online users was exfiltrated.
“Transparency is at the root of ETSI, in our governance and technical work. We have already proven to be quick to react and adapt to crises,” said Luis Jorge Romero, ETSI Director-General. “The shutdown challenged our working procedures and IT systems, and we managed to ensure business continuity for both our staff and our members whilst limiting the risks. They were able to keep working without disturbance during that period.”
He thanked experts from ANSSI for the knowledge, advice, and help to remediate and strengthen the security of systems.
ETSI asked their online services users to change their passwords, and a judicial inquiry for criminal proceedings is underway. According to an announcement, a notification has also been made to the French data protection authority (CNIL) as required by the General Data Protection Regulation (GDPR).
ETSI is registered as an association, a nonprofit organization, under French law. It has 900 member organizations from over 60 countries and five continents.
