The incident left many users with devices stuck in SOS mode for several days, unable to make calls or send messages. The disruption began on May 14, when Cellcom detected “unusual activity” on its network and proactively shut down systems to prevent further damage. The move left thousands of customers, particularly in northeastern Wisconsin, including the Green Bay area, and parts of Michigan, without basic communication services for nearly a week. Limited service began to resume on May 19.
Cellcom: Services Restored for Most, But Issues May Persist
As of this week, Cellcom, which is owned by Nsight, confirmed that most users have regained the ability to make and receive calls and texts. According to an update on the company’s website, both inbound and outbound services are “performing well,” although some intermittent issues may still occur as systems stabilize.
CEO Addresses Customers, FBI Involved in Ongoing Investigation
Cellcom CEO Brighid Riordan addressed the situation in a YouTube video shared last week, explaining that the company began investigating the cyberattack immediately after detection. Authorities, including the FBI, were notified, and cybersecurity experts were brought in to assist.
At the time of the video update, Riordan acknowledged that the company did not yet have full details about the nature of the attack. However, she assured customers that there is no evidence of a data breach, and the attack appears to have affected a separate portion of the network, isolated from the systems that store sensitive customer information.
“We have a high degree of confidence that this was a service-related disruption, not a compromise of customer data,” the company said in an official statement.
Riordan expressed frustration over the incident, both as an executive and on behalf of customers, saying she was “angry” about the attack. She emphasized that Cellcom is “doing everything we can” to mitigate the impact and fully restore services. She also thanked customers for their patience during the outage.
Experts Point to DDoS as a Likely Cause
While Cellcom has not publicly confirmed the exact nature of the cyberattack, industry experts suggest a Distributed Denial-of-Service (DDoS) attack may have been involved. These attacks flood a network with traffic, overwhelm systems, and disrupt services, which is particularly damaging for telecommunications providers.
Lawrence Pingree, VP at network security firm Dispersive, noted that even regional providers like Cellcom can become victims of these attacks, especially if a compromised IoT or OT device, such as a rogue router, is used to launch traffic-heavy disruptions.
“These devices can be weaponized for broadband-based DDoS attacks using tools like Slowloris, CC-Attack, or DDoS Ripper,” Pingree explained. “Even modest amounts of duplicated traffic across thousands of compromised residential proxies can cripple a network’s ability to respond.”
He added that this scenario can be difficult to manage without specialized infrastructure, such as systems capable of real-time traffic rerouting and load elimination.
A Broader Pattern of Telecom Targeting
This incident follows a broader trend of increasing attacks on telecom providers worldwide. Last year, major U.S. carriers, including AT&T, Verizon, and T-Mobile, were among the targets of a campaign attributed to the Chinese state-sponsored group Salt Typhoon. The campaign spanned six continents, underlining how critical and vulnerable telecom infrastructure has become.
Though Cellcom is a regional carrier, the interconnected nature of networks means even smaller providers can be caught in the crossfire or directly targeted through exposed endpoints and compromised devices.
What Comes Next
As Cellcom continues working to stabilize its systems and investigate the root cause of the attack, cybersecurity professionals are urging telecom providers of all sizes to focus not just on detection and response, but also prevention.
“DDoS attackers constantly shift tactics. Just solving one vector won’t be enough; another method is always waiting,” Pingree warned. “Proactive cyber defense is essential, especially in industries where outages can quickly erode customer trust and reputation.”
Cellcom customers can expect services to continue improving, though the full technical recovery may still be in progress and answers about what exactly happened may still be pending.