Vodafone Portugal (February 2022)

In February 2022, Vodafone Portugal experienced a network outage caused by a deliberate cyber attack that was intended to cause disruption. No malware or malicious software was installed, and the attack method would be described as a ‘living off the land’ attack because it did not use any specialist tools. The attack relied on sophisticated social engineering, and a deep understanding of IT systems and networks. Investigations revealed that no customer data was accessed or compromised. No other Vodafone markets experienced any disruption from this incident.

The outage affected the data network in Portugal. The impact was loss of some voice and data services, some TV services and enterprise and business applications across the country, as well as international connections. During the incident, 4.7 million mobile and one million fixed line customers were impacted, with some customers having both services. Home broadband and linear TV were unaffected by the attack. On detecting the incident, we utilised our global incident management framework and immediately took action to identify, contain further risk and restore services quickly. Mobile data services and interconnections with other operators were resumed within eight hours of the attack, with other services being recovered during the next 48 hours. The Vodafone Portugal CEO rapidly and proactively communicated with customers, and the team used online, social media and press information and articles to inform customers of our recovery progress. Our cyber security team worked with local law enforcement and security agencies during the investigation.

The direct costs of the incident were estimated in the range of €5 million and were deemed not to be financially material in the context of Vodafone Portugal’s operations and the wider Vodafone Group.