Magnet+, a telecommunications company, is probing a potential breach that might have exposed its employees’ and customers’ confidential information. The company picked up this breach incident, which occurred on April 8th, via its internal IT security mechanisms. Magnet+ promptly unplugged any servers that might have been affected from the network, thereby halting the attack. But, the raided servers contained sensitive information about employees and customers.
According to the company, the breach did not affect the Magnet+ telecommunication network and services. The only affected areas were the back-office systems, which are now fully restored. The company refrained from giving an estimated number of individuals who may have been impacted. They have, however, alerted all employees – past and current – and customers at risk.
The breach could have allowed access to personal data, such as names, addresses, bank details, and other employment-related data of staff. It may also have exposed the names, addresses, emails, phone numbers, and service specifics of both residential and commercial customers.
In line with Data Protection Commission stipulations, Magnet+ ensured that those affected were promptly informed. Both the Data Protection Commission and the gardaí were advised about the incident. The company stressed that, despite the potential breach, there’s no solid evidence that an unauthorized entity accessed any data. Affected parties are being notified as a precautionary step, in compliance with legal obligations.
The company urged everyone affected to exercise caution regarding unsolicited emails, phishing attempts, unrecognised requests, or contact, including any appearing to come from Magnet+. The warning extended to interactions on social media and online banking apps.
Currently, Magnet+ is conducting a thorough investigation, collaborating with forensic and cybersecurity experts to determine if any data might have been compromised. The Data Protection Commission has confirmed its assistance in handling the incident with Magnet+.
The Data Protection Commission (DPC) has acknowledged being informed about a possible violation of personal data at Magnet+. The disclosure meets the requirements of the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (SI 336 of 2011), as well as the General Data Protection Regulation (GDPR). The DPC is currently consulting with Magnet+ concerning the potential infringement.
Based in Dublin, Magnet+ supplies telecommunications, data connectivity, and security services to residential and business customers across Ireland, Europe, and the US. The firm, originally known as Magnet Networks, was purchased by Speed Fibre Group, the owners of Enet and AirSpeed Telecom, in December 2020. In 2021, it merged with AirSpeed Telecom to operate under the Magnet+ label.