London-based Colt Technology Services said a cyber incident disrupted its customer portal and several internal systems for multiple days, with no evidence that customer or employee data was accessed improperly. In a statement to The Associated Press, the company said it had taken protective measures to safeguard customers, staff and the business and had notified the appropriate authorities.
Colt confirmed that one of its internal systems – distinct from the customer-facing infrastructure – was targeted. The disruption affected Colt Online, the company’s customer portal, and prompted the company to advise customers to use email or phone support in the interim. Colt’s status page shows the issues began on August 12, and the portal remained unavailable as of Friday.
Colt said its technical teams, aided by third-party cyber experts, are working to restore affected systems. The company emphasized that customer-facing services were the focus of the incident response and that its staff and customers were being safeguarded as the investigation continues. Colt status page notes ongoing efforts to recover services and minimize disruption.
On August 13, Colt said its Voice API platform – used by customers to automate and manage voice services – was also brought offline as part of the broader disruption. In the latest update, the company reiterated that it is working nonstop to restore impacted internal systems, acknowledging the frustration caused by the outage of Colt Online and the Voice API platform.
The exact cause of the attack remains unknown. Infosec observer Kevin Beaumont asserted that Shodan scans showed cybercriminals probing Colt’s systems, including SharePoint servers, suggesting the attackers may have identified exposed endpoints before moving laterally. Beaumont’s observations were shared on cyberplace.social, which the article notes as part of its coverage of the incident. The company reportedly added firewall protections for its EU infrastructure as the issue first emerged.
A wider industry context: Colt has a long history in telecommunications. The company was privately held after Fidelity Investments acquired it in 2015 and has since expanded operations across Europe, Asia and North America. It now operates in 40 countries and serves about 32,000 buildings, with dozens of thousands of customers worldwide after a series of acquisitions, including the $1.8 billion purchase of Lumen EMEA in 2023.
As additional information emerged, Colt said there had been another development: the WarLock ransomware group claimed responsibility for the attack and began purportedly selling stolen Colt documents on a cybercrime forum, alleging the release included up to 1 million company records for about $200,000. The claim has not been independently verified, and Colt has not commented on the WarLock assertion at this time.