During the night of July 13, 2023, employees of a renowned Nigerian telecoms company faced difficulties accessing their emails and work applications due to a major cyber attack. The disruption escalated, affecting various departments and hindering their productivity.
The attack led to the inability to send or receive emails, and essential work applications became inaccessible. This left employees stranded without proper communication channels and tools to carry out their tasks effectively.
The customer service department was hit hard as customers faced challenges reaching out for support. Calls were either not going through or were abruptly disconnected, leaving customers frustrated and unable to engage with the company for at least three weeks.
Internally, crucial communication tools like Microsoft Teams were down, severing connections between teams. Additionally, the Human Resource Management Information System (HRMIS) became unreachable, disrupting basic administrative functions such as leave requests and payroll processing.
The situation worsened as it was discovered that hackers had accessed customer data, posing a significant threat to the company’s security and customer privacy.
A cybersecurity expert revealed that the attack on the company had been in the works for weeks, with intermittent outages serving as tests leading up to the major breach. The method of attack indicated a Domain Name System (DNS) hijack, allowing hackers to control email servers and connected work applications.
Despite the severity of the attack, the company did not report it promptly as required by the Nigeria Data Protection Act 2023. The breach was later identified by the Nigerian Communications Commission, highlighting the company’s failure to comply with data protection regulations.
As the company grappled with the aftermath of the attack, internal communications shifted to platforms like WhatsApp due to the unavailability of official tools. This workaround persisted for several months, reflecting the company’s struggle to regain normalcy after the cyber attack.
The incident at the telecoms company is part of a broader trend in Africa where cyber attacks on companies and institutions are on the rise. Recent data shows a significant increase in cyber attacks globally, emphasizing the need for robust cybersecurity measures.
The attack on the telecoms company was not an isolated event, as another major Nigerian telecoms provider also faced a cyber incident. The industry’s vulnerability to cyber threats underscores the importance of proactive cybersecurity measures and transparency in handling such breaches.
Despite ongoing attempts to reach out to the company for comments and clarifications, there has been no official response or detailed explanation of the incident from Globacom. The lack of transparency and accountability in addressing the breach raises concerns about the company’s commitment to safeguarding customer data and preventing future attacks.
As cyber threats evolve and become more sophisticated, companies must prioritize cybersecurity measures and transparency to protect their systems and regain trust from customers and regulators.