Cyberattack on Kyivstar: what this case teaches other companies


December 12 was remembered by millions of subscribers as the day when Kyivstar fell. Although full-fledged cyberwarfare began with the full-scale invasion, this particular attack was the most tangible for Ukrainians. In addition to destroying much of the digital infrastructure and leaving 24 million subscribers without communication, the attack was accompanied by fraudulent attacks and disinformation.

While many were shocked, such attacks are not uncommon. In an interview, the company’s president, Oleksandr Komarov, said that about 500 serious attacks have been repelled since the beginning of the invasion, including those on Kyivstar alone. At least on the same day, monobank repelled a powerful DDoS attack.

In this article, we will look at general ways to ensure the security of digital infrastructure. The lawyers also draw attention to the consequences for companies in case of negligence in protecting information. For example, if a company is found liable for negligence or non-compliance with personal data protection standards, it will result in significant compensation payments. In fact, Kyivstar has already done this on its own, without charging subscribers another subscription fee.

Digital infrastructure security

Hackers are targeting various corporations that ensure the well-being of Ukrainians. But based on previous experience, you can learn how to protect your infrastructure from attacks. The European Software Engineering Association asked its residents how to strengthen the company’s cybersecurity.

It’s worth starting with which companies are at risk of cyberattacks. According to Dmytro Tsiluyko, Head of Product at NIT – Learning and Technology, the main targets of attackers are critical infrastructure and those enterprises that contain data on individuals and business entities. Recently, Russian hackers have been behind the attacks, aiming to cause the most damage and losses.

When it comes to personal data, companies most often collect a customer’s name and email address. According to Dmytro, the leakage of customer names does not pose a big threat, unlike emails. First, hackers can use them to send spam and malware. But for an experienced user, this is not a major problem. The second threat is that many people use the same email for both entertainment and financial transactions. If attackers get this data, it will allow them to access user accounts.

Kyivstar representatives report that despite the significant damage to the infrastructure, no subscriber data was lost. If this had happened, the consequences could have been catastrophic, as hackers could have gained access to subscribers’ contacts. It is worth noting that the attack on Kyivstar took place through the account of an employee of the company. The account data could have been compromised either due to the employee’s dishonesty or through social engineering – the details are still unknown, and the investigation is being conducted by law enforcement.


Legal implications for the company

Vyacheslav Ustymenko, Head of Innovations Division at Icon.Partners, answered the question about the legal consequences for the company. In particular, he noted the following penalties for negligent handling of personal data:

  • Fines and regulatory sanctions. Many countries have laws on personal data protection, such as the General Data Protection Regulation (GDPR) in the European Union. It imposes heavy fines on companies that fail to properly protect users’ personal data. The Constitution of Ukraine also provides for the protection of personal data, but it does not apply to all data that websites can collect.
  • Lawsuits. If a company is found liable for negligence or failure to comply with personal data protection standards, it could be subject to significant compensation payments.
  • Reputational damage. Loss of consumer confidence affects businesses, as customers may choose a more reliable company.
  • Operational disruptions. After a data breach, a company may need to halt certain operations to investigate and fix the problem. This affects contractual obligations or leads to further data security issues.
  • Increased regulatory scrutiny. Following a data breach, companies often face increased scrutiny from regulators.


Cybersecurity measures

The main skill that can protect users is digital education. Clients should monitor password changes and complexity, as well as cyber hygiene. If hackers obtain the data, clients can expect to be sent malicious links and infected software. In addition, such attacks are often followed by disinformation, so you should learn about any updates to services from trusted sources. An experienced user will be able to distinguish between a fraudulent spoof and a genuine statement from the company.

The Kyivstar incident emphasizes the need for cybersecurity measures for many corporations. According to Vyacheslav, it is necessary to invest in advanced security protocols, regular system updates, and employee training in cybersecurity best practices. Time should also be devoted to preparing for potential incidents. Every company should plan its actions in the event of a cyberattack: taking immediate measures to protect systems, assessing the extent of damage, communicating with stakeholders, etc. Such a plan should be constantly reviewed and updated, taking into account all possible factors.


Vyacheslav also listed the most relevant measures for data preservation. The first is periodic data backup, for example, daily. In the event of an attack on the infrastructure, the company can deploy cold copies on new equipment and restore the system. With cold backups, only the operational data for the previous day is lost. There is also a “hot” copy, in which data is stored permanently. It requires more resources, but no information is lost.

Secondly, there is another precautionary measure that you should pay attention to – “resource mirroring”. It means that a “mirror” of the data center operates in parallel with it, and work is switched to the mirror if the primary data center is damaged.

And the most important thing is training and adaptation. In cyber warfare, attack trends and tools are changing too quickly, so companies should always examine the state of their security systems and adapt strategies to current events. This includes investing in new technologies, reviewing policies, and regularly training employees.

In addition to these methods, Dmytro Tsiluyko added simpler but equally effective cybersecurity tools. A company can diversify risks by distributing access levels, constantly updating authorization methods, using dynamic authorization methods, and most importantly, by constantly monitoring employees who have access to sensitive data. Every doubt about their integrity or knowledge is a big risk – both for the company and for customers.

