Croatian phone carrier ‘A1 Hrvatska’ has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people.
The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information.
The type of information that has been accessed includes full names, personal identification numbers, physical addresses, and telephone numbers.
A1 Hrvatska emphasizes that information on bank cards or online accounts hasn’t been compromised, as the accessed database didn’t contain these details.
This critical part was confirmed by a computer forensics team that investigated the incident and analyzed the logs to determine what was stolen.
A1 Hrvatska says they are directly notifying customers whose information was exposed in this breach.
Meanwhile, the Zagreb Police has already received a criminal report and is investigating the attack.
“A1 Croatia takes this embarrassing situation extremely seriously and, immediately after the first signs of suspicion of unauthorized access to the user base, immediately and without delay prevented further unauthorized access and took additional protection measures,” reads the statement.
“A1 Croatia adheres to the highest security standards and data protection, and we will continue to make additional investments in improving the security environment. The recurrence of this security incident is not possible and has not had and will not affect the provision of services to customers.”
A1 Hrvatska is a strategic partner of Vodafone, whose Portugal region suffered a very disruptive cyberattack three days ago that led to the disruption of 4G and 5G data services.
Strategic partners sometimes share online infrastructure, but in this case, the connection seems unlikely, even though it can’t be completely ruled out.
The incident doesn’t appear to have affected A1 Hrvatska’s services or operations, so it looks like a case of unauthorized access to a database, either through a misconfiguration or stolen credentials.
Bleeping Computer has contacted A1 Hrvatska to learn more about this incident, and we will update this post as soon as we have a response.