20,000 modems were replaced by Eir after an investigation by the Data Protection Commissioner.
In December 2016, Paul Bradley, director of communications at Eir, shared details of a security flaw in some models of modems used by the company, which exposed customers to potential malware. The vulnerability had been made known to the company on 22 November 2016.
Today (6 November), a report in The Irish Times said that almost 20,000 modems had to be replaced for customers on basic packages without fibre access.
Thousands of customers contacted by Eir
At the time of the original disclosure of the flaw, Eir contacted around 130,000 customers in relation to the hack.
Bradley explained that the company had done its own testing to determine the severity of the situation: “In our investigations, we looked to see if there was an indication that some of this malware had established itself in advance of getting the mitigations in place.”
The comms giant found that 2,000 customer routers had been breached. The modems affected were the Zyxel D1000 and Zyxel P-66Ohn-T1A.
The problem was originally brought to Eir’s attention via an online message board. At a simple level, the hack involved a port that acted like a gateway for the modem to be managed by Eir, which, if exposed, could have allowed cyber-criminals to load accessed devices with malware.
Speaking on Morning Ireland at the time, Bradley said there was “no indication” that data had been accessed or lost.
DPC investigation
Eir reported the issue to the Data Protection Commissioner (DPC), An Garda Siochána and the National Cyber Security Centre, and advised customers to reset their routers.
The DPC conducted an investigation, which led to the replacement of the 20,000 modems.
Eir said letters were sent to all affected customers who needed a replacement modem, and replacements would be delivered to their homes or premises via courier service.
The company also said it would commit to put procedural measures in place in terms of the life cycles of modems given to customers, paying particular attention to the strength of modem security features over the lifetime of a router.