Soo... I was the one that reported this.
Our MSP deals with a lot of SIP trunk providers. This kind of stuff happens more often than you would think, and we have seen it many times from many vendors. One of our lab (not production) accounts was hit. They were not in our system; they merely stole the SIP credentials from Sangoma's web site and placed some calls on our account before we noticed an unusual charge pattern and slammed the door shut on that.
Obviously we were more than a little bit annoyed by this, along with the usual "brah, secure your stupid PBX" response (the PBXs we manage have never been hacked, ever. We're not geniuses; we just follow best practices).
That being said... everything after that from Sangoma was flawless. If I were to write an article on the best way to handle an incident of this nature, I would base it on what Sangoma's management did.
First thing: They did not sweep it under the rug. They informed *all* of their customers, which cost them a great deal of embarrassment (see: this article) but also made sure that their entire customer base was notified and able to check for any other intrusions that may have been missed. A stand-up move.
Second thing: They refunded *everybody's* international call charges during that period. No quibbling, bickering, or fighting. We've seen our customers get hit with fraudulent bills in up to the five-figure range by other providers, when the provider knew the charges were fraudulent and not the customer's (or our) fault - strictly an internal hack on their end - and our customers were forced to pay anyway until it could be "sorted out," and then audit their own bills to prove the charges were fake. That's a worst-case real-life scenario, but that's closer to the standard than not.
Third thing: We requested / suggested several product enhancements to help prevent / mitigate this in the future, and they agreed to implement most of them on a crash-priority basis.
So yeah, it sucks that they got hacked, but this is far from a unique event in the industry. We were annoyed with them at first. But overall, this has been the most 100% stand-up, do-the-right-thing response I've ever seen from a SIP trunk provider. Freaking legendary good. Believe me when I say that going forward they are now our #1 small business provider and our #1 backup provider for larger businesses (volume pricing wins in these cases).