The number of security incidents notified to ANACOM fell in 2023

In 2023, electronic communications network and service providers notified a total of 30 security incidents to ANACOM, 7 fewer than the previous year and the lowest number since 2015, as illustrated in graph 1.

Despite the lower number of incidents notified, their impact was higher compared to the previous year, since 6.9 million subscribers were affected, 7% more than in 2022. This increase was largely due to the occurrence, in December, of one incident involving the voice interconnection of two leading communications operators in Portugal, with an impact on the mobile telephony service.

Contrary to the previous year, which had a uniform distribution in the number of incidents throughout the year, most of the incidents notified to ANACOM in 2023 occurred in the 3rd and 4th quarters, the former having the highest number of notifications. The districts of Lisbon and Porto had the highest number of incidents in electronic communications networks and services.

“Accident/natural phenomenon” was the root cause at the origin of most notifications received in 2023. The root causes “Maintenance or failure of hardware or software” and, in second place, “Malicious attack”, and, in third place, “Failure to provide goods or services by a third party” accounted for slightly more than half of the total security incidents notified (53%), namely due to causes associated with power failures, broken optical fibre cables, system/equipment malfunctions and scheduled service shutdowns for maintenance work.

Graph 1 – Volume and annual variation in security incidents notified in 2015-2023


Unit: Number of security incidents
Source: ANACOM

Most security incidents simultaneously impacted more than one publicly available electronic communications service. The fixed telephone service was the most affected, with 67% of all security incidents received, followed by the fixed Internet access service and the subscription television service, both referenced in 57% of the incidents.

Graph 2 – Distribution of reported security incidents for each affected type of service, 2015-2023



Unit: % of security incidents
Source: ANACOM

The ANACOM Security Regulation states that electronic communications companies must notify the public in situations of incidents of higher impact. As regards the 30 incidents that occurred in 2023, information was provided to the public in 10 cases.
