Colt Technology Services, a multi-national telecom and data center services company, has now confirmed that customer data was stolen in a recent cyberattack, reversing its earlier claims that only internal systems were impacted. The hacker group Warlock had previously announced it was auctioning off the stolen data, contradicting Colt’s initial denial. As a result of the breach, several critical customer-facing services - such as the Colt Online portal, Voice API, number hosting API, and the Colt On Demand platform - have been offline since August 12, with no clear timeline for full restoration.

Colt has since launched a dedicated page acknowledging the data theft and allowing customers to request information about whether their data appears in listings on the dark web. However, the company has yet to determine precisely which data was compromised or which customers are affected. This delay and lack of clarity stands in contrast to best practices in incident response, where prompt and transparent communication is essential. Warlock, known for exploiting SharePoint vulnerabilities, opted for an unusual private auction of the stolen data instead of the typical double extortion method. The group has quickly risen in prominence, targeting both private and government entities.

This incident underscores the urgent need for full cyber visibility and end-to-end security. Without deep, continuous monitoring across all layers of infrastructure with platforms like NIKSUN - including application services, APIs, data platforms, and collaboration tools like SharePoint - organizations risk being blindsided by threats that can go undetected for too long. Proactive threat detection, forensic capabilities, and real-time intelligence into user behavior and data flows are essential to both mitigate breaches and accelerate response. In today’s threat landscape, partial visibility is no visibility. Read more about this story on our LinkedIn page