Orange Belgium, a subsidiary of telecommunications big Orange Group, disclosed on Wednesday that attackers who breached its techniques in July have stolen the information of roughly 850,000 prospects.
Orange Belgium offers mounted and cellular connectivity providers to over 3 million prospects in Belgium and Luxembourg, employs 1,500 workers, and claims to function the biggest 4G/5G community within the nation. Final yr, the corporate reported complete service revenues of €1.34 billion.
When BleepingComputer reached out on Wednesday for extra particulars concerning final month’s breach, an Orange Belgium spokesperson said that the corporate could not verify whether or not any techniques had been encrypted through the incident, however mentioned that the breach wasn’t the results of assaults focusing on telecom corporations worldwide which have been linked to China’s Salt Storm cyber-espionage group.
The spokesperson added that Orange Belgium is conscious of the risk group behind the breach, however did not title them attributable to an ongoing investigation.
“On the finish of July, Orange Belgium detected a cyberattack on certainly one of its IT techniques, leading to unauthorised entry to sure knowledge from 850,000 buyer accounts,” the telecom firm revealed.
Whereas the risk actors did not acquire entry to the passwords, electronic mail addresses, or monetary info of impacted prospects, they had been capable of compromise techniques containing some account info.
“Nonetheless, the hacker gained entry to certainly one of our IT techniques containing the next knowledge: surname, first title, phone quantity, SIM card quantity, PUK code, tariff plan,” it added.
Orange Belgium is notifying all prospects affected by this incident by way of electronic mail or SMS, advising them to stay vigilant for any suspicious messages or calls as a result of fraudsters may use the stolen info to impersonate Orange or one other firm and trick them into sharing different delicate knowledge like passwords and banking info.”
BleepingComputer was additionally advised that this breach is a separate incident from the cyberattack disclosed by Orange Group on the finish of July, when its mum or dad firm introduced that it had detected a breached system on its community on July 25.
The Orange Group breach in July led to some operational disruptions, however they primarily affected French prospects.
In February, Orange’s Romanian department additionally confirmed the breach of a non-critical software after a risk actor claimed to have stolen hundreds of inside paperwork, containing 380,000 electronic mail addresses, in addition to worker knowledge, consumer information, supply code, invoices, and contracts.
5 years in the past, in early July 2020, the telecom big’s Orange Enterprise Options division was additionally hit by a Nefilim ransomware assault, which uncovered the information of twenty of its enterprise prospects.
Orange Group, the mum or dad firm of Orange Belgium, has 125,800 staff worldwide and reported revenues of €40.3 billion in 2024. It offers communication and enterprise providers to 294 million prospects throughout Europe, Africa, and the Center East, together with 256 million cellular and 22 million mounted broadband prospects.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration developments.
