Simwood incident

Porting from Colt

Notice Resolved View vendor source →

Simwood experienced a notice incident on August 14, 2025 affecting Operations Desk, lasting 60d 19h. The incident has been resolved; the full update timeline is below.

Started
Aug 14, 2025, 01:55 PM UTC
Resolved
Oct 14, 2025, 09:05 AM UTC
Duration
60d 19h
Detected by Pingoru
Aug 14, 2025, 01:55 PM UTC

Affected components

Operations Desk

Update timeline

  1. monitoring Aug 14, 2025, 01:55 PM UTC

    Colt have advised that they are unable to complete any import or export porting orders until further notice. Their Status page (https://www.colt.net/status/) suggests an IT issue while online speculation (https://cyberplace.social/@GossiTheDog/115022343170487477) is of an undisclosed cyber attack. We will advise when we have further news.

  2. monitoring Aug 14, 2025, 05:06 PM UTC

    Colt have now confirmed an ongoing cyber-incident (https://www.colt.net/status/). At the moment voice traffic on existing ported numbers seems unaffected.

  3. monitoring Aug 15, 2025, 04:45 PM UTC

    There is no news to report here although the now admitted attack is being actively reported on, e.g. https://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/

  4. monitoring Aug 18, 2025, 02:23 PM UTC

    Colt are still unable to process number ports, we assume as a consequence of their well publicised cyber-attack. A list of compromised files, which is asserted to be the files compromised by the attacks is at (https://www.klos.com/~john/colt_filename_tree.txt) This list contains a number of interoperability documents between Simwood and Colt. The list also contains documents that appear to be Number Portability Order Forms, although it is unclear as to whether these relate to Simwood customers. NPORs will contain some information about the Subscriber changing providers, e.g. name, address, and telephone numbers. Additionally, there is other information clearly of a sensitive nature on the list, but that does not, as far as we can tell, relate to Simwood and its customer’s relationships. At this time, we understand that Colt are working to prevent further disclosure, however, this is all the detail we have at this time. Our customers should engage their Data Protection Officers regarding the consequences of the attack on Colt as a matter of urgency.

  5. monitoring Aug 19, 2025, 12:51 PM UTC

    There is no update here other than Colt's porting team have advised there will be no imports or exports "until further notice". We continue to queue POV and porting orders for them.

  6. monitoring Aug 22, 2025, 11:58 AM UTC

    Other than restating their status page to say this was a cybersecurity incident from day one (formerly an "IT issue"), and their compromised documents being mid-auction, there is no update here. Their porting desk appear to have stopped the daily updates and are still not processing orders.

  7. monitoring Aug 24, 2025, 11:42 AM UTC

    An excellent blog has been published documenting the events so far at https://doublepulsar.com/colt-technical-services-gets-ransomwared-via-sharepoint-initial-access-some-learning-points-617da7e27ebc Colt are still not processing number ports.

  8. monitoring Aug 26, 2025, 10:10 AM UTC

    Colt are still not processing number ports. Please continue to submit porting orders normally, we have a queue and are chasing them daily.

  9. monitoring Aug 27, 2025, 07:54 AM UTC

    Colt have contacted us to say that "all port-in and port-out activities are currently on hold until next week, as we’re still working internally to stabilize the situation"

  10. monitoring Aug 28, 2025, 12:24 PM UTC

    Colt are keen to emphasise on their status page (https://www.colt.net/status/) how this didn't affect customer systems. They have also marked their cyber-incident page at https://www.colt.net/go/cyber-incident/ to "noindex" to hide it from search engines, and it isn't linked anywhere on their website. None of them mention number portability either, which they continue to not do, despite us now being in day 16.

  11. monitoring Sep 02, 2025, 09:25 AM UTC

    Colt continue to not process number ports despite down-playing the cyber-security incident which they initially responded to 21 days ago.

  12. monitoring Sep 08, 2025, 08:22 AM UTC

    27 days since Colt responded to their cyber-security incident which, after eventually admitting they have consistently down-played, they continue to be unable to process number ports. Please continue submitting them as we are queuing this side.

  13. monitoring Sep 16, 2025, 11:11 AM UTC

    Colt are still not porting and have not updated us as to the status. They have updated their "cyber-incident" page (which isn't linked on their website and is set to prevent indexing by search engines) to say they are committed to transparency. We also hear they have advised some Enterprise customers they will be unable to deliver new connectivity orders until 2026. We cannot confirm this, but if true it would be reasonable to assume that porting numbers out is not of a higher priority to them than new business. We know Ofcom are aware and hope they will be asserting appropriate priorities and full disclosure.

  14. monitoring Oct 02, 2025, 09:30 AM UTC

    In a recent update to their customers Colt claim to be nearly able to deliver on some sales orders but their regulatory obligations in porting are apparently a lower priority - no porting still.

  15. monitoring Oct 07, 2025, 10:51 AM UTC

    Colt claim to be doing excellently with processing sales orders and say "voice services will start to come back online from this week". We're not sure if this means honouring their regulatory obligations after 50 days, or just sales activity. We will advise if/when they resume porting or give a further update.

  16. resolved Oct 14, 2025, 09:05 AM UTC

    Colt have accepted our outstanding ports so this incident will be resolved after nearly 2 months.