The European Telecommunications Standards Institute (ETSI) has been targeted by a cyberattack that allowed hackers to steal a database containing a list of online users.
The ETSI portal and IT system used for its members’ work were also impacted by the cyberattack.
In accordance with the General Data Protection Regulation (GDPR), the agency also informed the French Data Protection Authority (CNIL).
The French National Cybersecurity Agency (ANSSI) and the ETSI IT team worked closely together to identify the vulnerability, repair the compromised systems and implement the required patches.
“ETSI believes the database containing the list of their online users has been exfiltrated,” said the agency in a press release. “Since the attack and under the guidance of ANSSI experts, ETSI has fixed the vulnerability, undertaken additional security actions and significantly strengthened its IT security procedures. Following this incident, ETSI asked their online services users to change their passwords.”
“The shutdown challenged our working procedures and IT systems and we managed to ensure business continuity for both our staff and our members whilst limiting the risks. They were able to keep working without disturbance during that period. For this new crisis, we are very grateful for the knowledge and advice of the experts from the French National Cybersecurity Agency (ANSSI), who have helped us to determine the remedial actions to be taken and to strengthen the security of our systems,” according to the ETSI Director-General, Luis Jorge Romero.
ETSI is a reputable regional standards organization that deals with networks and services for telecommunications, broadcasting and other electronic communications. It has 900 members from over 60 countries and five continents.