U.S. telecommunications firm Charter Communications has disclosed being affected by a third-party data breach after data claimed to be stolen from nearly 550,000 of its customers has been posted on a hacking forum, reports The Record, a news site by cybersecurity firm Recorded Future.
Information posted on the hacking forum included Charter Communications customers' names, addresses, account numbers, and other details on repairs and sales, but Charter Communications said that there has been no evidence to suggest that any customer proprietary network information or customer financial data was compromised.
Such a breach follows the Federal Communications Commission's unanimous decision to launch a probe into potential modifications to telecommunications firms' breach notification rules, with FCC Chair Jessica Rosenworcel noting that existing regulations are no longer fit amid increased data collection, as well as more prevalent cyber threats against telecommunications companies.
"The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements," said Rosenworcel.
A GitHub Actions workflow could have been used for a command injection vulnerability in Bazel, which had the potential for threat actors to add malicious code into the production environment for projects using the Google open-source product.