Cyber Incident

Answering your key questions

cloud-solutions

On this page:

Helpful links:

About our ongoing cyber incident

Last updated: 17:00 BST, 20th August, 2025

A cyber incident has affected our business support systems, which are separate from our customers' infrastructure. We took immediate proactive measures to ensure the safety of our customers, colleagues, and business, and we proactively notified the relevant authorities.

Through our extensive investigation, we have determined that some data has been taken. Our priority is to determine at pace the precise nature of the data that is impacted and notify any affected parties.

Our dedicated incident response team, including external investigators and forensic experts, is working to investigate this incident. This has, and will continue, 24/7.

We continue to work closely with law enforcement agencies as part of our investigation.

What has happened

We recently experienced a cyber incident on a business support system, which is separate to our customers' infrastructure. Upon detecting the incident, we immediately took steps to contain and investigate the issue.

We are now aware that the threat actor has accessed certain files that may contain data related to our customers. Our immediate priority is to determine the precise nature of the files and what information they contain.

How we responded

On identification of the incident, we took significant actions and protective measures in response to ensure the security of our customers, colleagues and business:

We have proactively taken some systems offline, which has led to a disruption to some elements of our service

We have brought in specialist third-party investigation, forensic and cyber support

We have implemented enhanced containment and security measures to further harden our systems and help prevent similar incidents in the future

We have proactively notified the relevant regulators and authorities, and we continue to work closely with law enforcement agencies as part of our investigation

We would like to reassure you that this cyber incident is limited to our business support systems which are strictly separated from our customer infrastructure, ensuring that authentication systems are not shared between the two environments.

Service impact

As part of our response, we proactively took some systems offline – which has led to disruption to some of our Business Support Services.

As a result, customers may find the following services unavailable:

Voice-in-your-CSP-offering-1

Colt Online customer portal

Number hosting

Number Hosting APIs

Ultra Low Latency

Colt On Demand (NaaS portal)

Dedicated Connectivity

Ordering and delivery of new services

In addition, several of our customer-focused automated processes and systems have been taken offline as part of our response effort. As a result, it is taking us longer to respond and resolve to customer inquiries and requests.

Frequently asked questions

We first became aware of an issue on the morning of 12 August. As soon as it was clear that the issue was significant - at around 11AM - we mobilised our major incident response process. The dedicated response team have been mitigating the impacts of the incident as well as taking all possible steps to ensure the security of customers, partners and staff. As investigations have proceeded, we have gathered enough evidence to suggest the root cause of the issue was a cyber incident.

We have taken significant actions in response:

1. Full Incident Management Mobilisation:
We have immediately activated our incident management process, bringing together our most experienced personnel - including our Executive team - to coordinate the response and recovery efforts. As part of this we have established a dedicated incident response team operating 24/7.

2. Specialist Expertise:
We have engaged external investigators and forensic experts to conduct a thorough investigation and support our service restoration.  

3. Precautionary System Shutdown:
As a precautionary measure, we have temporarily shut down several systems, applications, and network links.  

4. Employee Communication and Guidance:
Detailed instructions and guidance have been provided to all employees to ensure they understand the situation and take appropriate action to safeguard our customers and business.

5. Enhanced Security Measures:
We have implemented a series of tactical and emergency containment measures. This includes actions related to detection capabilities, access controls, security visibility, and overall security controls.  

6. Law Enforcement and Regulatory Notifications:
We have promptly notified law enforcement agencies, the National Cyber Security Centre (NCSC) in the UK and appropriate regulatory bodies to ensure appropriate legal and regulatory compliance and to leverage their expertise in the investigation and response.

We have isolated and temporarily closed down many of our business support systems to maintain customer security, some elements of service our unavailable. These include:

1. Colt Online
While this platform is offline we ask customers to raise issues with out team via phone or email.

2. Number Hosting API platform:
Our Number Hosting API platform is currently not available to any customers.

3. Colt On Demand & Voice On Demand
Both our On Demand (NaaS) & Voice On Demand portals are currently not available to any customers.

There are other impacts on our customers, primarily that we have temporarily suspended access to our quoting and ordering systems, so we cannot take new customer orders currently. 

The delivery of new services, which have been already ordered will (in most cases) be rescheduled.

Our operations teams are still accepting phone calls and emails from customers. However please be aware that it will take us longer to respond and resolve than usual as many of our automated processes and systems have been taken temporarily offline.

We’re working around the clock to restore our systems. It’s too early to give an exact timeline at the moment, but we’ll provide regular updates to keep you informed.

A criminal group has accessed certain files from our systems that may contain information related to our customers and posted the document titles on the dark web.

We understand that this is concerning for you.

Customers are able to request a list of filenames posted on the dark web from the dedicated call centre.

Contacting us

Our account teams, customer success and operations teams remain available for our customers.

As we have taken many of our business support systems down to safeguard customer security and accelerate service restoration, our responses will take longer than they usually would. We are grateful for your patience as we resolve this issue.

We have set up a dedicated telephone line to help answer any questions you may have.

Flag_of_UK

United Kingdom

Get in touch with us via the below options:

+44 203 059 6021 (International)

Flag_of_France

France

Get in touch with us via the below options:

Flag_of_Germany

Germany

Get in touch with us via the below options:

Flag_of_Italy

Italy

Get in touch with us via the below options:

Flag_of_Spain

Spain

Get in touch with us via the below options:

Flag_of_Japan

Japan / APAC

Get in touch with us via the below options:

flag-square-250

United States

Get in touch with us via the below options:

We are working around the clock to resolve this issue and restore services. We advise our customers to check our Status page and to look out for further communications.