
British telecommunications and network services provider Colt experienced a major data security incident that caused multi-day outages affecting hosting, porting, Colt Online, and Voice API services.
In a data security incident notice published on its website, Colt said that earlier this month it suffered a significant “technical issue” that significantly disrupted the company’s daily operations. The telecom provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.
In a separate update, Colt said that the “technical issue” resulted from a data security incident on the company’s internal network.
“Thank you for your patience and understanding while some of your support services including Colt Online and our Voice API platform remain unavailable. We can confirm that this is related to our response to a recent cyber incident at Colt Technology Services. We detected a cyber incident on an internal system. This system is separate from our customers’ infrastructure,” Colt said.
To mitigate the effect of the incident, Colt took certain protective measures, including taking several critical systems offline, which caused disruption to some of the support services.
🚨 WarLock trades Colt Telecom haul
WarLock ransomware claims a cyberattack on Colt that began Aug 12, causing outages to support services. The attacker, “cnkjasdfgd,” is offering 1 million docs (customer, employee, financial, internal dev data) for $200K. #SharePoint 0day… pic.twitter.com/eQvc96Rc5P
— ransomNews (@ransomnews) August 15, 2025
A threat actor using the alias ‘cnkjasdfgd,’ who claims affiliation with the WarLock ransomware gang, has taken responsibility for the attack and has offered to sell a batch of one million documents, allegedly stolen from Colt, for $200,000. The threat actor also shared sample documents containing financial records, employee and customer information, executive data, internal emails, and software development details.
Cybersecurity expert Kevin Beaumont suspects that threat actors exploited the Microsoft SharePoint vulnerability CVE-2025-53770 to breach sharehelp.colt.net, staying undetected in the network for more than a week. He also suggests that Colt may be attempting to conceal the incident.
As of August 18, the telecom provider said it is working tirelessly to restore its services, including Colt Online and the Voice API platform, but has not provided a specific timeline for full restoration.