IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom
Flux result 8c459e3e 68ea 48d4 a1bb 6a3b737b8291
#
VPNs
#
Ransomware
#
DevOps

UK telecom servers expose security details, study finds

Wed, 15th Apr 2026
Author image
By Shannon Williams, News Editor

Ethiack has found that 19% of UK telecom web servers expose security-critical configuration information. Its wider European analysis also found that 37% of telecom website security certificates were invalid, expired or misconfigured.

The findings are based on an analysis of 50,283 public-facing digital assets across 591 telecom providers in Europe, including websites, servers, APIs and cloud services. In the UK, the study covered more than 8,300 assets linked to operators including BT, Vodafone and Three, the highest country total in the survey.

The exposed information appeared in HTTP response banners that reveal a server's software type and version. While that is not classed as a vulnerability on its own, it can help attackers identify systems that may be easier to target.

Across Europe, the average rate of web server information exposure was 47%, compared with 19% in the UK. Ethiack also identified 1,452 critical assets, including VPNs, administrative panels and customer-facing systems, with significant security weaknesses.

SSL certificates are designed to encrypt data sent between users and websites and confirm that a site is authentic. When certificates are invalid or incorrectly configured, customer data entered during log-ins or purchases may be at greater risk of interception, and attackers may find it easier to imitate a legitimate site.

Sector Risks

The research comes amid renewed scrutiny of cyber security in telecoms, a sector that underpins consumer communications and supports services used by banks, transport operators and emergency responders. Recent attacks have shown how service disruption and data exposure can spread beyond a single company.

TalkTalk was fined a record GBP £400,000 after hackers stole the personal data of 157,000 customers, including nearly 16,000 sets of bank details, in a breach linked to a web vulnerability. More recently, Colt Technology Services suffered three months of disruption after a ransomware attack and had to notify authorities in 27 countries, filing more than 75 reports to regulators, law enforcement bodies, cyber agencies and emergency services.

Elsewhere in Europe, two French telecom providers were fined a combined €42 million after a breach exposed the personal details of 24 million customers. In Spain, Orange was taken offline by a cyberattack that affected its network operations.

The findings point to a broader problem in telecom infrastructure, where large, constantly changing digital estates can make it difficult for security teams to maintain visibility. Legacy systems, cloud services, third-party connections and unofficial technology deployments can all increase the number of systems that need monitoring.

Jorge Monteiro, chief executive of Ethiack, said: "Revealing the type and version of the software your server runs gives away vital clues about your security posture and can leave you wide open to cyberattack.

"Skilled and state-sponsored hackers, who use automation and AI to scan vast numbers of websites for exploitable risks, know how to exploit this information and can use it as a roadmap for an attack."

Attack Pace

Ethiack also pointed to a change in the speed of cyberattacks. Citing Google Cloud data, it said the average time between a patch release and active exploitation has narrowed from days to hours, increasing pressure on telecom security teams.

Monteiro said the structure of telecom networks makes that challenge harder to manage. "By definition, telecom providers are among the most connected organisations in the world. That hyperconnectivity is both their strength and their biggest vulnerability.

"Our analysis shows that many telecom firms struggle with basic security hygiene, not through negligence or error, but because their IT systems are highly complex and constantly evolving. The combination of legacy platforms, cloud infrastructure, third-party integrations and shadow IT environments expands the attack surface and creates blind spots for security teams, allowing small misconfigurations to emerge unnoticed.

"Cybercriminals now use AI to scan and exploit vulnerabilities 24/7, and the time-to-exploit, which tracks the average time between a software patch release and active exploitation, has plunged from days to just hours.

"That's why cyber security teams trying to keep pace with threat actors often feel like they're running just to stand still, and why periodic security checks are no longer enough to manage rising risk levels.

"If your attack surface is changing every day, your penetration testing needs to operate at the same speed. We're working with some of the most forward-thinking telecoms brands to deliver continuous attack surface monitoring and testing, enabling them to identify exploitable vulnerabilities and fix them as soon as they emerge."

Related stories
Protegrity launches AI Team Edition for secure inferencing
CERN joins OpenSearch foundation as associate member
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Canva launches AI 2.0 to turn prompts into editable designs

Top stories

TestRail launches AI test script generation in beta
FIRST conference highlights AI & CVE disclosure push
OpenAI expands Codex with desktop & workflow tools
OpenAI launches GPT-Rosalind for life sciences research
Mirantis integrates NVIDIA Run:ai to speed AI deployment