Colt Telecom hit by ransomware attack, over 1 million documents allegedly stolen
Learn More
UK-based telecommunications giant Colt Technology Services (Colt Telecom) was hit by a cyberattack on August 12, 2025.
The incident appears to have started on Tuesday, August 12, at around 11am BST, when customers began reporting interruptions to their service. The incident was initially reported as a technical issue, was later confirmed by the company as a cyber incident. The attack has primarily affected the Colt Online support services and Voice API platforms, forcing the company to take multiple systems offline as a protective measure.
The attack apparently exploited the ToolShell Microsoft SharePoint vulnerability. The Warlock ransomware gang claimed responsibility for the attack. They offered to sell for $200,000 a batch of one million documents allegedly stolen from Colt. The hackers published data samples to prove the validity of their claims on dark web forums.
Exposed Data apparently includes:
- Financial data
- Employee information and salary details
- Customer data
- Executive data
- Internal emails
- Network architecture information
- Software development information
The number of affected individuals has not been disclosed. Colt stated there is "no evidence that customer or employee data has been improperly accessed". This contradicts claims from the ransomware group about stealing employee salary details and personal information.
The company continues to work to restore impacted internal systems, operating in "a more manual way than normal". Customers have been advised to contact Colt via email or phone as online portals remain unavailable.
Update - As of 21st of August 2025, Colt Technology Services confirms that customer documentation was stolen. The Warlock ransomware gang has started auctioning stolen files.
