Orange Belgium, a subsidiary of telecommunications big Orange Group, disclosed on Wednesday that attackers who breached its methods in July have stolen the information of roughly 850,000 clients.
Orange Belgium offers mounted and cellular connectivity companies to over 3 million clients in Belgium and Luxembourg, employs 1,500 workers, and claims to function the most important 4G/5G community within the nation. Final yr, the corporate reported whole service revenues of €1.34 billion.
When BleepingComputer reached out on Wednesday for extra particulars relating to final month’s breach, an Orange Belgium spokesperson acknowledged that the corporate could not verify whether or not any methods had been encrypted throughout the incident, however mentioned that the breach wasn’t the results of assaults focusing on telecom corporations worldwide which were linked to China’s Salt Hurricane cyber-espionage group.
The spokesperson added that Orange Belgium is conscious of the menace group behind the breach, however did not title them resulting from an ongoing investigation.
“On the finish of July, Orange Belgium detected a cyberattack on one in every of its IT methods, leading to unauthorised entry to sure information from 850,000 buyer accounts,” the telecom firm revealed.
Whereas the menace actors did not achieve entry to the passwords, e-mail addresses, or monetary data of impacted clients, they had been capable of compromise methods containing some account data.
“Nevertheless, the hacker gained entry to one in every of our IT methods containing the next information: surname, first title, phone quantity, SIM card quantity, PUK code, tariff plan,” it added.
Orange Belgium is notifying all clients affected by this incident by way of e-mail or SMS, advising them to stay vigilant for any suspicious messages or calls as a result of fraudsters might use the stolen data to impersonate Orange or one other firm and trick them into sharing different delicate information like passwords and banking data.”
BleepingComputer was additionally advised that this breach is a separate incident from the cyberattack disclosed by Orange Group on the finish of July, when its guardian firm introduced that it had detected a breached system on its community on July 25.
The Orange Group breach in July led to some operational disruptions, however they primarily affected French clients.
In February, Orange’s Romanian department additionally confirmed the breach of a non-critical utility after a menace actor claimed to have stolen hundreds of inside paperwork, containing 380,000 e-mail addresses, in addition to worker information, consumer data, supply code, invoices, and contracts.
5 years in the past, in early July 2020, the telecom big’s Orange Enterprise Options division was additionally hit by a Nefilim ransomware assault, which uncovered the information of twenty of its enterprise clients.
Orange Group, the guardian firm of Orange Belgium, has 125,800 staff worldwide and reported revenues of €40.3 billion in 2024. It offers communication and enterprise companies to 294 million clients throughout Europe, Africa, and the Center East, together with 256 million cellular and 22 million mounted broadband clients.
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration traits.
