British Telecoms Provider Colt Updates After Major Cyber Attack and Data Breach | ISPreview UK

Original article: ISPreview UK

Business communications and internet provider Colt Technology Services (COLT) has provided an update after hackers breached their business support systems late last week, which resulted in the provider choosing to proactively take some systems offline. Work to restore the service remains ongoing, but sadly it is now known that a data breach has occurred.

The situation, which has also had knock-on impacts for other telecoms and networking providers across the UK and other countries, originally started on the morning of 12th August 2025 after hackers (allegedly a ransomware gang) breached some of Colt’s internal business support systems – said to be “separate from our customers’ infrastructure”.

The attackers are speculated to have entered through the sharehelp.colt.net server via a recently identified vulnerability in Microsoft’s SharePoint content management and collaboration platform (CVE-2025-53770), which has been given a critical vulnerability score of 9.8 out of 10. But this has not yet been officially confirmed by Colt.

In response, after detecting unusual activity on their business support systems, Colt decided to take some of their key systems offline (e.g. customer portal, NaaS portal, Voice/number API platform) and has been trying to safely recover everything since then. The situation is also disrupting the ordering and delivery of new services, while customer support has suffered after other “automated processes and systems” were also taken offline.

Sadly, it’s since come to light that “some data has been taken” by hackers (including customer data), although the official Cyber Incident page on Colt’s website remains rather vague on the detail.

Colt’s Latest Statement to Customers

We are writing to provide an update on the cyber incident that has affected our business support systems (BSS).

We are now aware that the threat actor has accessed certain files that may contain data related to our customers and posted the document titles on the dark web. Our immediate priority is to determine the precise nature of the files and what information they contain.

We have notified the relevant regulators and authorities, and we continue to work closely with law enforcement agencies as part of our investigation. We are leveraging all available resources to understand the scope and nature of the data breach and to recover the files as a matter of urgency. This is a complex investigation, and we are making progress.

We want to reassure you that this cyber incident is limited to our business support systems, which are separated from our customer infrastructure.

We are committed to sharing relevant details with you as our investigation progresses. Our dedicated incident response team, including external investigators and forensic experts, continue to work 24/7 on the investigation and recovery.

We will contact customers directly where we have specific knowledge of file names accessed.

We have set up a dedicated telephone line to help answer any questions you may have – this will be available from midday BST on Monday 18th August – local free of charge numbers can be found on the website URL below.

You can follow live information on a customer-only page, which can be found at https://www.colt.net/go/it-incident/

If you have any immediate questions, please get in touch with us at customerinformation@colt.net and we will respond as quickly as possible.

We sincerely apologise for any inconvenience this may cause. We greatly appreciate your patience, understanding and ongoing co-operation.

Yours sincerely,

Annette Murphy

Chief Commercial Officer, Colt Technology Services

The most recent service status update, which was posted at 5:45pm yesterday, noted that Colt’s teams “continue to work 24/7 to restore the internal systems affected by the recent cyber incident. We understand how frustrating it is not to have access to some of our support services such as Colt Online and our Voice API platform, and we’re very sorry for this. We appreciate your continued patience and understanding.”

Meanwhile, there are reports (ITPro) that the cyber gang involved have begun trying to sell millions of related documents online, which are said to cover everything from employee salary and financial data to customer contract data, network details and software development details etc. Several hundred gigabytes of information is allegedly being offered.
