Attackers breached Duo Broadband, a Kentucky-based communications company, stealing personal details of tens of thousands of customers.
The company noticed unauthorized meddling within its networks on the eve of Valentine’s Day 2025. According to a breach notification letter Duo Broadband sent to impacted individuals, threat actors attempted to disrupt the system, likely trying to deploy ransomware.
“Upon discovery, we immediately took action to secure our systems, terminated any unauthorized access, and notified law enforcement as required by federal regulations,” reads the letter.
Information the company submitted to the Maine Attorney General’s Office indicates over 42,500 individuals had their personal information exposed. Despite attempts to stop the intrusion, attackers managed to access customer data. The exposed details involved:
- First and last names
- Addresses
- Dates of birth
- Social Security numbers
Exposing sensitive and personal data increases privacy concerns for affected individuals. Attackers could utilize stolen details for identity theft and various fraud schemes. For one, malicious actors could try opening fraudulent bank accounts or use stolen identities for illicit activities, masking their own identities.
Threat actors may also carry out targeted phishing, attempting to masquerade as legitimate organizations in order to deceive individuals into providing even more sensitive data – such as login credentials – or downloading malware.
However, Duo Broadband claims that as of now, it has found no indication that stolen details were misused in any way, including identity theft. To mitigate possible danger, the company said it will provide impacted customers with complementary identity theft and credit monitoring services.
Your email address will not be published. Required fields are markedmarked