The largest mobile network operator in Greece, Cosmote, revealed that thousands of customers' information was accessed during a cyber attack that occurred between September 1-5.
The breach took place through a third country, most likely from Lithuania.
The concerned file "contained elements of information, without names/surnames, on the calls made or received by mobile subscribers during the five-day period between 1-5/9/2020, and specifically: phone number, day, time and duration of the call. The file also included device type, IMSI [International Mobile Subscriber Identity], age, gender, ARPU [average revenue per user], base station coordinates and COSMOTE subscriber mobile tariff plan. This data is used by the company for network and customer service optimization," Cosmote said.
The file did not contain call or message content, names or addresses, passwords, or credit cards and bank accounts information.
No action is required by customers.
The announcement was made 40 days after the incident to allow the investigation to be carried out in secrecy.