How did you come to the conclusion it was Vitelity that was hacked and not your PBX? Did Vitelity confirm this?