Cybersecurity firm Ethiack has published research revealing that nearly one in five web servers operated by UK telecoms providers are inadvertently disclosing software type and version details through their HTTP response banners, information that can serve as a navigational guide for cybercriminals seeking exploitable weaknesses.
The findings form part of Ethiack's State of Digital Exposure to Cybercrime for European Telecoms report, which analysed more than 50,000 digital assets, including customer portals, APIs, email servers, and administrative systems, belonging to nearly 600 telecoms providers operating across 30 European countries. UK telecoms operators, including BT, Vodafone, and Three, contributed over 8,300 assets to the dataset, the highest volume of any country in the study.
Although 19% represents a lower exposure rate than the European average of 47%, the volume of affected assets remains significant. Exposing server software details in HTTP response banners does not, in itself, constitute a vulnerability, but the information can allow skilled attackers to identify which known exploits may apply to a given system. According to a company official, state-sponsored and sophisticated threat actors increasingly use AI-driven automation to scan large numbers of sites for precisely this kind of technical information.
SSL certificate failures and critical asset exposure
Beyond banner disclosure, the report identified further weaknesses. Nearly two in five (37%) of the SSL certificates in use across European telecoms websites were found to be invalid, expired, or misconfigured. SSL certificates serve a dual function: encrypting data in transit and verifying the authenticity of a provider's website. Where these certificates are absent or invalid, customer data submitted via login or order forms may be intercepted, and threat actors can exploit the gap to impersonate legitimate sites.
In total, Ethiack's analysis flagged 1,452 critical assets (including VPNs, administrative panels, and customer-facing systems) with significant security weaknesses that could directly impact operations and customer data.
A sector under sustained pressure
The research arrives in the context of a series of high-profile attacks on European telecoms infrastructure. In January 2025, two major France-based telecoms providers were fined a combined EUR 42 million following a breach that exposed the personal data of 24 million customers. In 2024, Spain-based Orange, the country's second-largest mobile network, was taken offline by a cyberattack. In the UK, London-based Colt Technology Services faced three months of operational disruption in 2025 following a ransomware attack, and was required to file more than 75 reports to regulators, law enforcement bodies, cybersecurity agencies, and emergency services across 27 countries.
The sector's structural complexity compounds the challenge. Telecoms operators typically manage legacy platforms, cloud infrastructure, third-party integrations, and shadow IT environments side by side, a combination that expands the attack surface and can cause misconfigurations to go undetected. The report also references Google Cloud data indicating that the average time between a software patch release and active exploitation has fallen from days to hours, raising the bar for security teams attempting to stay ahead of threat actors.
The findings echo a cautionary precedent from the UK market: in 2015, broadband provider TalkTalk was fined GBP 400,000 after hackers exploited a vulnerability in its web assets to steal the personal data of 157,000 customers, including the bank details of nearly 16,000 individuals. The Ethiack report suggests that, a decade on, basic security hygiene gaps persist across the European telecoms sector.
Ethiack's report advocates for continuous, automated attack surface monitoring and testing as a replacement for periodic security assessments, arguing that the pace of change in modern telecoms environments requires security processes that can operate at the same speed as evolving threat actor tooling.