Frontier Communications (Frontier) faces three class action lawsuits in relation to a cyber data breach in which the criminal ransomware group, RansomHub, stole personally identifiable information (PII) of over 750,000 Frontier customers. The lawsuits allege that Frontier did not properly maintain and safeguard its computer systems and data.

Bottom Line: This is yet another demonstration of the importance of constant cybersecurity monitoring of both IT and OT networks.  When faced with suspicious activity on the network, carriers should act quickly to contact legal counsel, identify the potential vulnerabilities, and mitigate any disclosure of customer PII.

On April 14, 2024, Frontier detected abnormal activity regarding its computer systems due to the acts of a criminal ransomware group, RansomHub.  According to RansomHub, Frontier allegedly ignored its contact requests for two months, likely regarding a ransom payment for its customer data.  After allegedly no response from Frontier, RansomHub decided to publish Frontier customers’ PII.

Frontier would later disclose this cyberattack to the Securities and Exchange Commission (SEC) in May.  Frontier stated in its disclosure to the SEC that “[b]ased on our investigation, we have determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information,” while adding that it “engaged cybersecurity experts and have notified law enforcement authorities.”  Frontier further added that it does not believe any financial information was impacted.

Frontier contacted its approximately 751,895 affected customers of the data breach starting around June 6, 2024, notifying them that their personal information was stolen.  Frontier has offered its customers one-year of complimentary credit monitoring and identify theft resolution services.

Class Action Lawsuits 

Three class action lawsuits were filed in the Northern District of Texas, all alleging that Frontier was negligent and reckless in maintaining and safeguarding its computer systems and data.  The plaintiffs further claim that the data breach makes Frontier’s customers more susceptible to identify theft and thus Frontier should be liable.  One of the complaints went as far to state that “Frontier knew or should have known that its electronic records would be targeted by cybercriminals.”