PRESS RELEASE

Constella Intelligence Research Detects Significant Exposed Data Records Rampant Cyber Breaches for Top Fortune Global 500 Telecommunications Companies

LOS ALTOS, Calif., March 1, 2022 — Today, Constella Intelligence (“Constella”), a leader in Digital Risk Protection and Identity Threat Intelligence, announced the release of its Mobile World Congress 2022 Exclusive Report: Telcos & Digital Identity Cyber Risks. The report expands upon Constella’s 2021 Identity Breach Report, outlining new findings regarding exposures, breaches, and leakages within the telecommunications (“Telco”) sector. The analysis specifically reviewed the credentials of employees and executives from the top twenty Telco companies on the Fortune Global 500 list. Constella’s threat intelligence team analyzed data from January 2018 through September 2021, working to understand the digital vulnerabilities that Telco companies face due to exposed records through leakages and data breaches. Among the surface, deep and dark web, Constella’s team identified 4,873 breaches and leakages and 5,561,409 exposed records among Telco industry companies. These exposed records include attributes such as email addresses, passwords, phone numbers, addresses, and usernames connected to employee corporate credentials.“Our new findings highlight the prevalence of data breaches and leakages facing today’s remote workforce,” said Kailash Ambwani, the CEO of Constella Intelligence. “Unaddressed, this exposed data spells serious digital risk for global Telco companies undergoing increasing digitization and transitioning to remote, virtual workforces and operations.”The circulation of sensitive employee data grants threat actors access to execute a wide variety of cyberattacks, including impersonation, phishing, account takeover, and several others that can lead to more sophisticated attacks such as ransomware or coordinated disinformation campaigns.“The Telco sector is in a unique position due to its broad customer base and the desire for ubiquitous data access. As the world’s primary connector between people and information, Telco companies touch nearly everyone’s personal and account information at some point,” said John Masserini, a senior research analyst with TAG-Cyber. “A breach of just one Telco employee’s corporate credentials creates a vulnerability that can lead to a massive data breach affecting millions of customers worldwide.”

This report uncovers the widespread prevalence of breaches and exposures related to the corporate credentials of employees and executives in the Telco sector, detailing the serious risks emerging from exposed sensitive data that negatively impact customers, employees, executives, and brands.

Key Findings:

  • Constella detected over 5.6M exposed records from almost 5K breaches and data leakages pertaining to corporate credentials since 2018 across the world’s largest Telco companies. The number of exposed records skyrocketed in 2021, accounting for 57% of the 5.6M exposed records.
  • Exposure of Telco executives and their personal information is widespread – 43% of Telco executives have had their corporate credentials exposed in a breach or leakage since 2018.

Telco employees are likely incurring risk by using corporate credentials on non-essential sites like gaming, social media, and others. 13% of breaches occurred on third-party domains classified as “gaming.” Over two-thirds (67%) of the breaches and leakages identified include personally identifiable information (PII), and diverse attributes. Constella continuously monitors social media as well as the surface, deep and dark web for exposed corporate credentials and other PII with automatic alerts once a threat is detected to protect employees, executives, and companies from a targeted attack.

Download Mobile World Congress 2022 Exclusive Report: Telcos & Digital Identity Cyber Risks.

ABOUT CONSTELLA INTELLIGENCE

Constella Intelligence is a global leader in Digital Risk Protection, safeguarding millions of global users at some of the world’s largest organizations, including many of the largest global Telco companies. Our solutions are a unique combination of proprietary data, technology, and human expertise to anticipate, identify, and remediate targeted threats to your people, your brand and your assets at scale—powered by the most extensive breach and social data collection on the planet, from the surface, deep and dark web, with over 100B attributes and 45 billion curated identity records spanning 125 countries and 53 languages.

Executives and key employees like privileged IT personnel and HR are the new attack vector for cybercriminals as they have top-tier access to sensitive information which can lead to credential theft, account takeover, and a ransomware attack.

Try our Exposure Risk Tool to understand your level of risk and find out if you, your company, or your employees have been exposed – FREE.