A Greece-based company that owns Cosmote and OTE was slapped with a €9 million penalty for failing to inform its customers that their data was stolen in a sophisticated cyber attack that occurred in 2020.
As the company kept its customers in dark, the Greek data protection authority imposed a 5,850,000 EUR and 3,250,000 EUR to OTE, both a part of OTE Group.
Going deep into the details, the attack was launched from a Lithuanian IP address through a social engineering attack made on one of the Cosmote employees. Hackers then stole the credentials via LinkedIn and then launched a brute force attack to gain access to the corporate network.
Then the threat actor hid in the network for almost 90 days and stole vital information in company several times.
Security analysts claim that often such info is reused in identity theft attacks that have risen at an enormous rate since March 2020.
NOTE- The Greek watch dog has given a specific time frame for OTE to legally raise an objection to any. Otherwise it has to pay the penalty amount as said to the infringement of over 8 articles mentioned in GDPR.
