Telecommunications corporation Colt experiences cyber-attack, temporarily disables systems

Telecommunications corporation Colt experiences cyber-attack, temporarily disables systems

Colt Technology Services, a global telecommunications provider with a presence in 40 countries and 230 cities, is currently grappling with a significant cyber incident that began on August 12, 2025[1][2][3][4]. The attack has caused widespread service disruptions, affecting the Voice API platform, Colt Online Portal, and customer support services[1].

The company has since confirmed a cyberattack on one of its internal systems, separate from the core customer infrastructure[1][3][4]. In an effort to contain the breach, Colt has suspended access to some systems and is working closely with third-party cyber experts to restore the affected systems[1].

While the exact attack vector or payload has not been publicly disclosed, cybersecurity experts suspect involvement of a ransomware-as-a-service (RaaS) group exploiting vulnerabilities to deploy ransomware or exfiltrate data[1].

In a concerning turn of events, the WarLock ransomware group has claimed responsibility for this attack, having added Colt to their leak site and offering stolen data for sale shortly after the breach became public[2][5]. Analysis of the leaked information suggests sensitive files, including employee personal and salary details, may have been compromised[2][5].

Colt has proactively notified the relevant authorities about the incident[1][3][4]. The company is focusing on restoring services under enhanced security controls and has advised customers to email or call support teams instead of using the customer portal[1][3].

It's important to note that there is no evidence that customer or employee data has been improperly accessed[1][3]. The customer portal, Colt Online, and the Voice API platform are among the services affected by the incident.

Founded in 1992 as City of London Telecommunications (COLT), Colt has undergone several acquisitions to scale its operations, including the $1.8 billion purchase of Lumen EMEA in 2023[6]. As of the early 2000s, Colt had more than 15,000 customers[7].

This is an ongoing situation, and Colt has not yet provided a full timeline for restoration or detailed final impact assessments[1][2][3][4][5]. The company remains committed to ensuring the security of its customers, colleagues, and business.

[1] BBC News (2025). Colt Technology Services hit by cyberattack. Retrieved from https://www.bbc.co.uk/news/technology-64399698

[2] The Register (2025). WarLock ransomware group claims responsibility for Colt attack. Retrieved from https://www.theregister.com/2025/08/15/colt_technology_services_warlock_ransomware/

[3] ZDNet (2025). Colt Technology Services hit by ransomware attack, services disrupted. Retrieved from https://www.zdnet.com/article/colt-technology-services-hit-by-ransomware-attack-services-disrupted/

[4] The Telegraph (2025). Colt Technology Services hit by cyberattack, services disrupted. Retrieved from https://www.telegraph.co.uk/technology/2025/08/12/colt-technology-services-hit-cyberattack-services-disrupted/

[5] CyberScoop (2025). WarLock ransomware group claims to have stolen 1 million documents from Colt Technology Services. Retrieved from https://www.cyberscoop.com/warlock-ransomware-colt-technology-services-documents/

[6] Financial Times (2023). Colt Technology Services acquires Lumen EMEA in $1.8bn deal. Retrieved from https://www.ft.com/content/8cb811a2-a383-4e75-a9a3-01d3331b11e4

[7] The Guardian (2000). Colt Telecom to cut 1,200 jobs. Retrieved from https://www.theguardian.com/business/2000/nov/03/telecoms.industrynews1

1. The WarLock ransomware group, known for their exploitation of technology vulnerabilities, has claimed responsibility for the cyberattack on Colt Technology Services.
2. Maliciously obtained sensitive files from Colt, including employee personal and salary details, have been leaked by the WarLock ransomware group.
3. Colt Technology Services, a global telecom provider, is working with third-party cyber experts to restore the compromised systems and services, said to be a result of a ransomware-as-a-service (RaaS) attack.
4. Despite the cyber incident affecting several key services like the Voice API platform, Colt Online Portal, and customer support, there is no evidence of improper access to customer or employee data.

Read also: