Cellcom was hit by a cyberattack that took out services for 75,000 customers in Wisconsin. Although they serve Michigan, that state was not affected by the attack.
Last weekend, Wisconsin’s regional carrier, Cellcom, whose parent company is Nsight, confirmed that a sophisticated cyberattack brought down its voice and SMS networks, leaving thousands of customers unable to make calls or send texts. The incident, first detected late Friday evening, underscores the growing threat of targeted assaults on telecommunications infrastructure and follows an alarming pattern of service disruptions across the industry.
Timeline of the Outage and Attack
Friday, May 23, 2025, 10:45 PM: Cellcom’s internal monitoring flagged unexplained failures across its Voice over LTE (VoLTE) systems in Northeast Wisconsin. Initial troubleshooting pointed to hardware issues, but engineers soon discovered anomalous traffic patterns consistent with a distributed denial-of-service (DDoS) attack.
Saturday, May 24, 2025, 1:15 AM: A social-media post on Cellcom’s Facebook page acknowledged the incident as a “cyber event,” warning that voice and SMS would remain offline “until further notice” while data and messaging apps like iMessage functioned normally.
Sunday, May 25, 2025, 9:30 AM: Partial restoration began for internal voice calls, but customer-facing services mainly remained down. Cellcom’s CEO, Brighid Riordan, issued a public apology and pledged a complete remediation timeline by Monday afternoon.
Monday, May 26, 2025, 6:00 AM: Cellcom announced that voice and SMS services between subscribers were fully restored, although calls to other networks and long-distance texting continued to experience intermittent failures.
Scope and Impact on Customers
Approximately 75,000 Cellcom subscribers in Northeastern Wisconsin experienced complete voice and text blackouts over the weekend, according to engineering logs shared with Communications Daily. Critical 911 services remained accessible via backup circuits, but many users reported confusion and frustration as they could not call family members or receive authentication codes for banking and healthcare apps
Local businesses, such as home-health agencies and medical clinics, that rely on SMS alerts were forced to revert to email and landline systems, incurring additional costs. One small-business owner in Green Bay told The Review Hive that “we had to scramble to inform staff of Saturday’s schedule changes by email because our SMS gateway was completely down.”
Cyber-security firm Imperva’s analysis of the event indicates a multi-vector DDoS assault peaking at 4.8 million requests per second (RPS)—one of the largest seen against a regional carrier this year. The attack combined volumetric flooding on Cellcom’s SIP gateways with targeted TCP-state-exhaustion tactics, overwhelming both front-line routers and internal signaling servers
While Cellcom has not publicly named a culprit, government-linked threat actors—such as the Chinese-affiliated “Salt Typhoon” group—have been tied to recent telecom intrusions. A deputy national security advisor warned earlier this spring that Salt Typhoon’s campaign could have penetrated up to eight U.S. carriers, exploiting zero-day vulnerabilities and stale configurations
