Duo Broadband Data Breach Affects 42,518 Customers: SSNs Exposed

On March 17, 2025, Duo County Telephone Cooperative Corporation, Inc. and Cumberland Cellular, LLC, operating together as Duo Broadband, detected unauthorized access to sensitive personal information belonging to their customers. The breach was first discovered as a cyber threat actor attempted to disrupt the systems of Communications Data Group, Inc., Duo Broadband’s billing vendor, on February 13, 2025.

The attack appeared to be an effort to deploy ransomware and solicit a ransom payment. The company attempted to seecure the systems and terminate the unauthorized access, and law enforcement was notified as required by federal regulations.

After further investigation, it was determined that certain sensitive personal information had been accessed including first and last names, addresses, dates of birth, and Social Security Numbers—information that is considered personally identifiable information (PII).

A total of 42,518 individuals in the United States were affected by this breach including 5 individuals in Maine and 8 in Massachusetts. The breach was disclosed to the Maine Attorney General’s office on May 16, 2025, and to the Massachusetts Attorney General’s office on May 15, 2025. Written notification was sent to affected consumers on May 15, 2025.

Duo Broadband's response

In response to the breach, Duo Broadband and their billing vendor, Communications Data Group, secured their systems and prevent further unauthorized access. They reinforced access controls, conducted a comprehensive security review, and reevaluated third-party vendor management processes. At the time of notification, there was no evidence that any of the exposed information had been misused, including for identity theft.

To support affected individuals, Duo Broadband has partnered with Kroll, a global leader in risk mitigation and response, to provide complimentary identity monitoring services. This includes credit monitoring, fraud consultation, and identity theft restoration for a specified period.

Customers are encouraged to activate these services as soon as possible and remain vigilant by reviewing account statements and monitoring their credit reports for unauthorized activity. Additional resources and recommendations from the Federal Trade Commission are provided to help protect against identity theft, including information on how to place a fraud alert or security freeze on credit files.

If you believe you may have been affected, it is important to take advantage of the free identity monitoring services, stay alert for suspicious activity, and follow the steps outlined in the notice sent to you. For further assistance, customers can contact the dedicated support line provided in the notification letter.

For more information about the company and its services, visit Duo Broadband’s official website.