Frontier Communications Ransomware 2024: 750K Customers, RansomHub

2024-04-14
BREACH INTELLIGENCE
Breach Date: 2024-04-14
Industry: Telecommunications
Severity: High
Records Exposed: 750K customers
Financial Impact: Undisclosed

Breach Summary

The Frontier Communications ransomware attack of April 2024 disrupted operations at one of the largest US internet service providers, with the RansomHub ransomware group stealing sensitive data on approximately 750,000 customers including Social Security numbers. The attack demonstrated that internet infrastructure companies are high-value ransomware targets whose compromise can have cascading effects on the customers and businesses that depend on their connectivity services.

What Happened

Frontier Communications disclosed the ransomware attack in April 2024 after detecting the intrusion and taking systems offline. The company notified the SEC under the new cybersecurity disclosure rules. RansomHub claimed responsibility and published stolen data when Frontier did not pay. The FCC opened an investigation into the breach. Frontier disclosed in June 2024 that approximately 750,000 customers had their information stolen, including Social Security numbers, in addition to other PII.

Attack Vector Detail

RansomHub, a ransomware-as-a-service group that emerged in early 2024 and absorbed former ALPHV affiliates after BlackCat's exit scam, claimed the Frontier attack. The group exfiltrated data including customer names, addresses, Social Security numbers, and other personally identifiable information before Frontier detected the intrusion. Frontier took systems offline as a containment measure, disrupting some operational systems. RansomHub published the stolen data when ransom demands were not met.

Breach Pattern Timeline

April 14, 2024

Frontier Communications — major U.S. telecommunications and broadband provider — detects unauthorized access to its IT systems. Activates incident response.

April 14-17, 2024

Frontier takes some systems offline as a containment measure. Customer-facing portals and some business operations are briefly disrupted.

April 18, 2024

Frontier 8-K SEC filing discloses cyber incident. Confirms unauthorized access and data theft. Stock declines.

April 22, 2024

RansomHub ransomware-as-a-service group claims responsibility. RansomHub had emerged in early 2024 as the successor brand for many former ALPHV/BlackCat affiliates after that group's exit scam following Change Healthcare.

June 6, 2024

Frontier confirms data breach affecting ~750,000 customers. Personal information including names, dates of birth, and Social Security numbers exposed.

June 10-30, 2024

Frontier sends notifications to affected customers. Provides free credit monitoring. Class action lawsuits filed.

September 2024

Frontier emerges from cyber incident having implemented enhanced security measures. Ongoing class action consolidation in federal court.

2024-2026

The Frontier-RansomHub case becomes part of a broader pattern of RansomHub strikes against telecommunications and infrastructure providers. RansomHub becomes the most active ransomware brand in late 2024 / 2025 following the ALPHV/BlackCat collapse.

Total impact: ~750,000 customers affected (PII including SSNs). The case serves as a foundational precedent for RansomHub's operations as a successor brand following the ALPHV/BlackCat collapse, and for ransomware exposure in the telecom sector.

Executive Lessons

The Frontier breach illustrated the emergence of RansomHub as the dominant ransomware platform following ALPHV's collapse — demonstrating that the affiliate ecosystem migrates rather than dissolves when law enforcement disrupts major operators. Frontier's FCC regulatory exposure added a sector-specific dimension to the breach response that telecommunications organizations must prepare for.

Private Equity Implications

For PE sponsors with telecommunications, cable, or internet service portfolio companies, the Frontier breach illustrates that customer identity data collected for service provisioning — SSNs, credit checks, identity verification — creates ransomware liability proportionate to the sensitivity of that data. Regulatory exposure from FCC, FTC, and state attorneys general adds a distinct liability dimension beyond class action exposure for telecom breaches involving customer PII.

How Cloudskope Can Help

Cloudskope's data security assessments evaluate sensitive customer data protection controls and data minimization practices for telecommunications and internet service providers — specifically addressing the customer SSN and identity data exposure risk illustrated by the Frontier breach.

Frequently Asked Questions