The European Telecommunications Standards Institute (ETSI) has disclosed a data breach following a cyberattack on its member’s portal.
Established in 1988, ETSI is an independent, not-for-profit organization that supports the development and testing of technical standards in the fields of information and communication, including technologies such as GSM, 3G, 4G, 5G, and others.
ETSI has over 900 member organizations from 65 countries across the globe, including academia, government, research entities, private organizations, and public bodies.
Last week, the France-based standardization body announced that hackers had breached “the IT system dedicated to its members’ work”, stealing the list of its online members.
“ETSI believes the database containing the list of their online users have been exfiltrated,” the organization said in an incident notice on its website.
ETSI says it has been working with the French National Cybersecurity Agency (ANSSI) to investigate the incident and that the vulnerability that led to the data breach has been fixed.
“Since the attack and under the guidance of ANSSI experts, ETSI has fixed the vulnerability, undertaken additional security actions and significantly strengthened its IT security procedures,” ETSI says.
As a precautionary measure, the organization has prompted all its online users to reset their passwords, but it is unclear whether user credentials were stored in the stolen database.
According to ETSI, a law enforcement investigation has been launched and the incident has been reported to the French data protection authority (CNIL) as required by regulation.
“Transparency is at the root of ETSI, in our governance and technical work. We are very grateful for the knowledge and advice of the experts from the French National Cybersecurity Agency (ANSSI), who have helped us to determine the remedial actions to be taken, and to strengthen the security of our systems,” ETSI Director-General Luis Jorge Romero said.