Orange Business Company CyberSecurity Posture
orange-business.com
At Orange Business, our ambition is to become the leading European Network and Digital Integrator by leveraging our proven expertise in next-generation connectivity solutions, the cloud and cybersecurity. Our 30,000 women and men are present in 65 countries, where every voice counts. Together, we are driven by the same determination and the same team spirit, to build the digital solutions of today and tomorrow and create a positive impact for our customers, for their employees and for the planet. We offer exciting opportunities through innovative projects in data and digital, cloud, AI, cybersecurity, IoT, or digital workspace and big data. Join us and be part of this adventure!
Company Details
orange-business-services
26,939
828,468
5415
orange-business.com
0
ORA_1601781
In-progress
Orange Business Risk Score (AI oriented)Between 750 and 799
Orange Business Global Score (TPRM)XXXX
Description: Orange Belgium disclosed a cyberattack discovered in late July 2024, compromising data from **850,000 customer accounts**. The breach exposed non-critical but sensitive personal information, including **names, first names, telephone numbers, SIM card numbers, and PUK (Personal Unblocking Key) codes**—8-digit security codes used to unblock SIM cards. The company confirmed that **no passwords, email addresses, banking, or financial details** were accessed. Upon detection, Orange Belgium blocked access to the affected system, reinforced security measures, and notified relevant authorities, filing an official complaint. Customers were alerted via email and SMS, with warnings to stay vigilant against potential phishing attempts via a dedicated webpage. The attack’s connection to a prior incident at parent company **Orange Group** (detected on July 25, with no confirmed customer data extraction) remains unconfirmed. The nature of the attack (e.g., method, perpetrator) was not disclosed.
Description: Orange Belgique, a telecommunications operator and subsidiary of the French Orange Group, detected a cyberattack in late July 2024 that compromised a system containing non-critical customer data. The breach exposed personal information of approximately **850,000 clients**, including **names, surnames, phone numbers, SIM card numbers, PUK codes, and tariff plans**. The company confirmed that **no critical data**—such as passwords, email addresses, or banking details—was accessed or stolen. Despite the limited scope of the exposed data, Orange Belgique filed a complaint with judicial authorities and advised customers to remain cautious against phishing or suspicious communications. The incident highlights vulnerabilities in the operator’s infrastructure, though the financial and operational impact appears contained due to the absence of high-risk data exposure.
Description: Orange Belgium, a major telecom operator, suffered a cyberattack targeting its IT systems, raising concerns over potential **theft of customer phone numbers**. The attack exposed vulnerabilities where fraudsters could exploit stolen customer data to impersonate legitimate users and **hijack phone numbers via SIM-swap fraud**. Once in control of a victim’s number, attackers could intercept **verification codes** (e.g., for password resets, email, social media, or payment systems), enabling broader fraudulent activities like account takeovers or financial theft. The Belgian telecom regulator (IBPT) responded by mandating an **additional verification step**—sending an SMS alert to customers for any number-transfer requests, allowing them to block unauthorized changes by replying 'STOP'. While no large-scale data breach (e.g., financial or sensitive personal records) was confirmed, the attack **disrupted trust in Orange’s security**, forced operational changes, and posed **reputational and financial risks** due to potential downstream fraud. Customers were urged to enable multi-factor authentication and scrutinize suspicious communications, highlighting the attack’s **secondary impact on user behavior and operational processes**.
Description: The cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France. The cyberattack affected thousands of internet users across Europe amid the Ukraine-Russia war. Nearly 9,000 subscribers were affected by this internet outage.
Description: The telecommunications company Orange reported being a victim of a cyberattack on Friday, affecting one of its information systems. This attack caused service disruptions for some of its corporate clients and a few public services, mainly in France. The company has filed a complaint and stated that as of the current stage of investigations, there is no indication that any customer or company data has been exfiltrated. Services and management platforms are expected to gradually reopen by Wednesday morning.
Description: Orange Group, a leading telecom operator, faced a cyberattack that disrupted its services. The attack, detected on July 25, forced the company to isolate potentially affected services, leading to temporary disruptions for business customers and a few consumer services in France. Although no data exfiltration or tampering was reported, the disruptions impacted various management services and platforms. The company implemented solutions to restore services and filed complaints with regulators and authorities.
Description: An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.
Description: French telecommunications company Orange S.A.was targeted by a Nefilim ransomware group which resulted in data loss. The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems. The data from about 20 customers on its virtual hosting service was accessed by those behind the ransomware attack.
Description: Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.
Description: A criminal hacking gang, identified as Warlock, executed a ransomware attack on **Orange SA**, a major French telecommunications company, in late July 2025. The attackers breached internal systems, exfiltrating approximately **4 GB of business customer data**, which was later published on the dark web in mid-August. While Orange claimed the stolen data was **outdated or of low sensitivity**, the incident follows prior breaches in 2025, including a July attack on **850,000 customer accounts** in its Belgian division and a separate leak of **employee data in Romania**.The Warlock group, known for leasing ransomware to affiliate hackers, encrypted Orange’s systems and demanded payment for decryption. Orange collaborated with affected companies and authorities, notifying impacted parties before the data’s public release. Telecommunications firms remain high-value targets due to their repositories of **financial, governmental, and corporate communication data**, amplifying risks of reputational damage, regulatory scrutiny, and operational disruption.
Description: On March 17, 2022, Orange Business Services U.S., Inc. (OBS) discovered a data breach involving unauthorized access to servers belonging to its subsidiary, Orange Silicon Valley, LLC (OSV), which had occurred on January 4, 2022. The incident compromised sensitive personal information of **6,567 individuals**, including **9 Maine residents**, with exposed data including **Social Security numbers (SSNs)**—a high-value target for identity theft and financial fraud. The breach highlights a significant security lapse, as SSNs are critical identifiers that can enable long-term fraud, financial exploitation, and reputational damage for affected individuals. While the exact method of unauthorized access was not detailed, the exposure of such sensitive data suggests a failure in access controls, monitoring, or incident response protocols. The delay between the breach (January 4) and its discovery (March 17)—over **two months**—further exacerbates the risk, as threat actors could have exploited the stolen data during this period. The incident underscores the broader implications for Orange Business Services, including potential **legal liabilities** under data protection laws (e.g., GDPR, state-level breach notification statutes), **regulatory scrutiny**, and **loss of customer trust**. Given the nature of the exposed data, affected individuals face heightened risks of identity theft, phishing attacks, and financial fraud, necessitating credit monitoring and remediation efforts.
Description: Orange Cyberdefense apparently suffered a data breach incident after a popular forum offered data allegedly from their firm. Data in the sample included Contact Name, Email, Phone Number, Company Name, and Solution Name. The listing also offered to sell access to Orange Cyberdefense’s servers.
Description: The telecoms giant warned that customers were going to be affected by its response to the attack, however, it did not disclose the incident itself. In a statement, the company said: “At this stage of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard.” The attack took place on Friday 25 July, with the group detecting a cyberattack on its information systems, with Orange Cyberdefense teams mobilising and isolating the potential attack to mitigate the impact. “However, these isolation operations have resulted in the disruption of certain services and management platforms for some of our corporate customers and some consumer services, primarily in France. Our dedicated teams are fully mobilised to inform and support affected customers,” Orange stated. “Our teams have identified and are implementing solutions that will allow, under heightened vigilance, the gradual reopening of the main impacted services by Wednesday morning [30 July]. It added that a complaint has been filed and the relevant authorities have been alerted. “At this stae of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard,” it added. The attack follows Orange confirming earlier this year that it experienced a separate cyber attack in March. At the time, a member of the HellCat ransomware group, known as Rey, gained access to a “non-c
No incidents recorded for Orange Business in 2025.
No incidents recorded for Orange Business in 2025.
No incidents recorded for Orange Business in 2025.
Orange Business cyber incidents detection timeline including parent company and subsidiaries
At Orange Business, our ambition is to become the leading European Network and Digital Integrator by leveraging our proven expertise in next-generation connectivity solutions, the cloud and cybersecurity. Our 30,000 women and men are present in 65 countries, where every voice counts. Together, we are driven by the same determination and the same team spirit, to build the digital solutions of today and tomorrow and create a positive impact for our customers, for their employees and for the planet. We offer exciting opportunities through innovative projects in data and digital, cloud, AI, cybersecurity, IoT, or digital workspace and big data. Join us and be part of this adventure!
Indra (www.indracompany.com) is one of the leading global defence, aerospace and technology companies, and a world leader in digital transformation and information technologies in Spain and Latin America through its subsidiary, Minsait. Its business model is based on a comprehensive range of proprie
Zensar stands out as a premier technology consulting and services company, embracing an ‘experience-led everything’ philosophy. We are creators, thinkers, and problem solvers passionate about designing digital experiences that are engineered into scale-ready products, services, and solutions to deli
We are Canon Europe. We are the world's best imaging company. This page represents our offices in Europe, the Middle East and Africa. Founded in 1937, the desire to continuously innovate has kept Canon at the forefront of imaging excellence throughout its 85-year history and has commitments to inve
At Avaya, we give our customers the freedom to take their business in the directions that benefit them most. We provide the paths for both customers and their employees where every moment big and small can drive in the moment, memorable experiences. The journey is theirs at the pace that makes sense
LTIMindtree is a global technology consulting and digital solutions company that enables enterprises across industries to reimagine business models, accelerate innovation, and maximize growth by harnessing digital technologies. As a digital transformation partner to more than 700 clients, LTIMindtre
Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients’ most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, a
CenturyLink (NYSE: CTL) is a technology leader delivering hybrid networking, cloud connectivity, and security solutions to customers around the world. Through its extensive global fiber network, CenturyLink provides secure and reliable services to meet the growing digital demands of businesses and c
Ingram Micro is a leading technology company for the global information technology ecosystem. With the ability to reach nearly 90% of the global population, we play a vital role in the worldwide IT sales channel, bringing products and services from technology manufacturers and cloud providers to a h
At CACI International Inc (NYSE: CACI), our 25,000 talented and dynamic employees are ever vigilant in delivering distinctive expertise and technology to meet our customers’ greatest challenges in national security. We are a company of good character, relentless innovation, and long-standing excelle
.png)
Orange Business is to migrate a major part of its IT infrastructure to its part-owned Bleu sovereign cloud venture.
There is no trusted cloud without trusted connectivity,” says Benjamin Vigouroux, VP of digital infrastructure at Orange Business.
Orange Jordan announced its participation in The C8 2025 Conference and Exhibition on Cybersecurity Advancement, Innovation, and Technology,...
EQS-News: cyan AG and Orange Réunion Mayotte partner to launch new cybersecurity service in Réunion and Mayotte for B2B and B2C customers.
Orange Cyberdefense and watchTowr have highlighted the importance of proactive, preemptive management in strengthening the cybersecurity...
SCUT, Romania's newest cybersecurity company, has officially launched the concept of the digital cyber shield — a unified approach,...
Business - SCUT, Romania's newest cybersecurity company, has introduced the concept of a digital cyber shield, a unified approach co-created...
Orange's Cyberdefense has partnered with Qevlar AI to help businesses fight cybercrime across the African continent.
Qatar-based Ooredoo Group has partnered with software development company Innovatix Systems to deploy advanced cybersecurity services in the...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Orange Business is http://www.orange-business.com.
According to Rankiteo, Orange Business’s AI-generated cybersecurity score is 796, reflecting their Fair security posture.
According to Rankiteo, Orange Business currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Orange Business is not certified under SOC 2 Type 1.
According to Rankiteo, Orange Business does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Orange Business is not listed as GDPR compliant.
According to Rankiteo, Orange Business does not currently maintain PCI DSS compliance.
According to Rankiteo, Orange Business is not compliant with HIPAA regulations.
According to Rankiteo,Orange Business is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Orange Business operates primarily in the IT Services and IT Consulting industry.
Orange Business employs approximately 26,939 people worldwide.
Orange Business presently has no subsidiaries across any sectors.
Orange Business’s official LinkedIn profile has approximately 828,468 followers.
Orange Business is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
No, Orange Business does not have a profile on Crunchbase.
Yes, Orange Business maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/orange-business-services.
As of December 10, 2025, Rankiteo reports that Orange Business has experienced 13 cybersecurity incidents.
Orange Business has an estimated 37,373 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Cyber Attack and Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems., and containment measures with identified and neutralised the majority of the unauthorised access, and communication strategy with posted a message on the social networking platform x, and and third party assistance with orange cyberdefense, and and containment measures with isolated potentially affected services, and recovery measures with gradual reopening of services and platforms, and communication strategy with public announcement and updates, and containment measures with isolate affected services, and recovery measures with implementing solutions to restore services, and communication strategy with informing and assisting affected customers, and and and containment measures with blocked access to the affected system, and remediation measures with strengthened security measures, and communication strategy with public statement, communication strategy with customer notifications via email and text message, communication strategy with dedicated web page for phishing awareness, and and communication strategy with recommandation aux clients de rester vigilants face aux communications suspectes, and and and remediation measures with collaboration with affected companies, remediation measures with coordination with authorities, and communication strategy with advance notification to affected companies, communication strategy with public disclosure, and incident response plan activated with oui (mesures approuvées par l'ibpt), and third party assistance with ibpt (institut belge des services postaux et télécommunications), and containment measures with contrôle supplémentaire via sms de vérification pour les transferts de numéro, containment measures with possibilité d'annulation par le client en répondant 'stop', and remediation measures with évaluation périodique de la mesure par l'ibpt, remediation measures with adaptation si nécessaire, and communication strategy with avis publics via l'ibpt, communication strategy with messages sms aux clients concernés, communication strategy with recommandations de sécurité générales (double authentification, vigilance face aux messages suspects), and incident response plan activated with yes, and law enforcement notified with yes, and containment measures with isolation of potential attack, disruption of services, and remediation measures with gradual reopening of impacted services under heightened vigilance, and recovery measures with solutions implemented for service restoration by 2024-07-30, and communication strategy with public statement, customer advisories..
Title: Cyber Attack on Orange and Nordnet
Description: Cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France, affecting thousands of internet users across Europe amid the Ukraine-Russia war.
Type: Cyber Attack
Title: Orange S.A. Nefilim Ransomware Attack
Description: French telecommunications company Orange S.A. was targeted by a Nefilim ransomware group which resulted in data loss.
Type: Ransomware
Threat Actor: Nefilim ransomware group
Title: Data Breach at Orange Cyberdefense
Description: Orange Cyberdefense suffered a data breach incident after a popular forum offered data allegedly from their firm. The data in the sample included Contact Name, Email, Phone Number, Company Name, and Solution Name. The listing also offered to sell access to Orange Cyberdefense’s servers.
Type: Data Breach
Motivation: Data Theft, Financial Gain
Title: Hack Targeting Orange's Spanish Business
Description: An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.
Type: Hack
Title: Orange Telecommunications Breach by Babuk Ransomware
Description: Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.
Type: Data Breach, Ransomware
Threat Actor: Babuk ransomware gang
Title: Cyberattack on Orange Telecommunications
Description: Orange, a telecommunications group, experienced a cyberattack on one of its information systems, leading to service disruptions for some of its enterprise clients and a few public services, mainly in France.
Date Detected: 2023-07-28
Date Publicly Disclosed: 2023-07-31
Type: Cyberattack
Title: Orange warns customers of an ongoing cyberattack
Description: Orange Group, one of the world’s leading telecom operators, has warned about a cyberattack that disrupted some of its services. The attack forced it to isolate parts of its network, causing disruptions. The company detected the attack on July 25 and is implementing solutions to restore services. There was no evidence of data exfiltration or tampering.
Date Detected: 2023-07-25
Type: Cyberattack
Threat Actor: Salt TyphoonChinese state-sponsored group
Motivation: Disrupt servicesEavesdropping on vital communicationsExfiltrating sensitive information
Title: Orange Belgium Cyberattack Compromising Customer Data
Description: Orange Belgium announced a cyberattack discovered at the end of July 2023 that compromised data from 850,000 customer accounts. The hacker accessed an IT system containing non-critical customer data, including names, telephone numbers, SIM card numbers, PUK codes, and tariff plans. The company blocked access to the affected system, strengthened security measures, and alerted authorities. Customers were notified via email and text message and advised to watch for phishing attempts.
Date Detected: Late July 2023 (exact date unspecified)
Date Publicly Disclosed: Wednesday, August 2, 2023 (approximate, based on announcement timing)
Type: Data Breach
Title: Cyberattaque chez Orange Belgique affectant les données de 850.000 clients
Description: Orange Belgique, opérateur de télécommunications, a détecté une cyberattaque fin juillet 2023. L'attaquant a accédé à un système informatique contenant des données personnelles non critiques de 850.000 clients (nom, prénom, numéro de téléphone, numéro de carte SIM, code PUK, plan tarifaire). Aucune donnée critique (mots de passe, adresses e-mail, coordonnées bancaires) n'a été compromise. Une plainte a été déposée auprès des autorités judiciaires, et les clients sont invités à rester vigilants face aux communications suspectes.
Date Detected: fin juillet 2023
Date Publicly Disclosed: mercredi (date exacte non précisée, probablement début août 2023)
Type: cyberattaque (accès non autorisé à des données)
Title: Orange Business Services U.S., Inc. Data Breach (2022)
Description: The Maine Office of the Attorney General reported that on March 17, 2022, Orange Business Services U.S., Inc. (OBS) learned of a data breach involving unauthorized access to several Orange Silicon Valley, LLC (OSV) servers, which occurred on January 4, 2022. The breach affected 6,567 individuals, including 9 residents of Maine, whose information included Social Security numbers.
Date Detected: 2022-03-17
Type: Data Breach
Title: Ransomware Hack Hits Orange Telecom, Data Published on Dark Web
Description: A criminal hacking gang (Warlock) stole business customer data from French telecommunications company Orange SA and published ~4GB of data on the dark web in mid-August 2025. The breach was disclosed to authorities in late July 2025. Orange confirmed the data was outdated or low-sensitivity and had informed affected companies in advance. This follows separate incidents in July (Belgian customer data breach) and another involving employee data in Romania published on the dark web.
Date Detected: 2025-07-01T00:00:00Z
Date Publicly Disclosed: 2025-07-31T00:00:00Z
Type: ransomware
Attack Vector: ransomware (Warlock)system compromise
Threat Actor: Warlock (ransomware-as-a-service group)
Motivation: financial gaindata theft
Title: Cyberattaque ciblant Orange Belgium avec risque de vol de numéros de téléphone
Description: Une cyberattaque a visé les systèmes informatiques d'Orange Belgium, entraînant un risque de vol de numéros de téléphone par des escrocs utilisant des données personnelles de clients pour usurper leur identité. L'IBPT (Institut Belge des services Postaux et Télécommunications) a approuvé une mesure de contrôle supplémentaire : un SMS de vérification envoyé aux clients en cas de demande de transfert de numéro, permettant d'annuler la demande en répondant 'STOP' si elle est frauduleuse. Le message est envoyé depuis le numéro 5000 (particuliers) ou 5995 (professionnels).
Type: Cyberattaque
Attack Vector: Exploitation de données personnelles voléesIngénierie socialeSIM swapping
Vulnerability Exploited: Faiblesse dans les procédures de vérification d'identitéAccès non autorisé aux données clients
Threat Actor: Escrocs / Cybercriminels (non identifiés)
Motivation: Fraude financièreVol d'identitéAccès non autorisé à des comptes en ligne
Title: Cyberattack on Orange Information Systems
Description: Orange detected a cyberattack on its information systems, leading to the isolation of potential threats and disruption of certain services for corporate and consumer customers, primarily in France. No evidence of data extraction was found at the time of the investigation.
Date Detected: 2024-07-25
Date Resolved: 2024-07-30
Type: Cyberattack
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Systems Affected: Internet Services
Data Compromised: Data from about 20 customers on its virtual hosting service was accessed.
Data Compromised: Contact name, Email, Phone number, Company name, Solution name
Systems Affected: IP network coordination centre
Operational Impact: Consumers unable to access specific websites
Data Compromised: Customer records, Email addresses, User data, Source code, Invoices, Internal documents, Contracts, Employee details, Credit cards, Messages, Call logs, Other personal information
Systems Affected: Some enterprise client services and a few public services
Downtime: Some services and management platforms will reopen gradually by Wednesday morning
Operational Impact: Service disruptions for enterprise clients and public services
Systems Affected: Management servicesPlatformsConsumer services
Downtime: ['Temporary service disruptions', 'Some users completely offline']
Data Compromised: Customer names (first and last), Telephone numbers, Sim card numbers, Puk (personal unblocking key) codes, Tariff plans
Systems Affected: An IT system containing customer data
Brand Reputation Impact: Potential risk due to exposure of customer data and phishing warnings
Identity Theft Risk: Low (no critical data like passwords, emails, or financial details compromised, but PUK codes could enable SIM swapping)
Payment Information Risk: None (no banking or financial details exposed)
Data Compromised: Nom, Prénom, Numéro de téléphone, Numéro de carte sim, Code puk, Plan tarifaire
Systems Affected: un système informatique (non spécifié)
Brand Reputation Impact: potentiel (recommandation de vigilance aux clients)
Legal Liabilities: plainte déposée auprès des autorités judiciaires
Identity Theft Risk: faible (données non critiques, mais risque de phishing accru)
Payment Information Risk: aucun (coordonnées bancaires non compromises)
Data Compromised: Social security numbers
Systems Affected: Orange Silicon Valley, LLC (OSV) servers
Identity Theft Risk: High (Social Security numbers exposed)
Data Compromised: Business customer data, Outdated/low-sensitivity data
Systems Affected: internal systems
Operational Impact: limited
Brand Reputation Impact: moderate (public disclosure of breach)
Identity Theft Risk: low (data described as outdated/low-sensitivity)
Data Compromised: Données personnelles des clients (non précisées), Numéros de téléphone
Systems Affected: Systèmes informatiques d'Orange Belgium (partiellement)Procédures de transfert de numéro
Operational Impact: Renforcement des contrôles de sécurité pour les transferts de numéroCommunication accrue avec les clients
Brand Reputation Impact: Risque de perte de confiance des clientsNécéssité de mesures correctives publiques
Identity Theft Risk: ["Élevé (vol de numéros de téléphone pour usurpation d'identité)"]
Payment Information Risk: ["Risque accru via l'accès aux codes de vérification envoyés par SMS"]
Data Compromised: No evidence of data extraction
Systems Affected: Information systems, management platforms
Downtime: Disruption of services until 2024-07-30
Operational Impact: Disruption of corporate and consumer services, primarily in France
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Contact Name, Email, Phone Number, Company Name, Solution Name, , Customer Records, Email Addresses, User Data, Source Code, Invoices, Internal Documents, Contracts, Employee Details, Credit Cards, Messages, Call Logs, Other Personal Information, , Personal Data (Names, Telephone Numbers), Sim-Related Data (Sim Card Numbers, Puk Codes), Service Data (Tariff Plans), , Informations Personnelles (Non Critiques), , Personally Identifiable Information (Pii), , Business Customer Data, Outdated Data, Low-Sensitivity Data, , Données Personnelles (Non Détaillées), Numéros De Téléphone and .
Entity Name: Orange
Entity Type: Company
Industry: Telecommunications
Location: France
Customers Affected: 9000
Entity Name: Nordnet
Entity Type: Company
Industry: Internet Service Provider
Location: France
Customers Affected: 9000
Entity Name: Orange S.A.
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: France
Customers Affected: 20
Entity Name: Orange Cyberdefense
Entity Type: Company
Industry: Cybersecurity
Entity Name: Orange
Entity Type: Telecom Operator
Industry: Telecommunications
Location: Spain
Customers Affected: Unknown number
Entity Name: Orange
Entity Type: Telecommunications provider
Industry: Telecommunications
Entity Name: Orange
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: France
Customers Affected: Enterprise clients and some public services
Entity Name: Orange Group
Entity Type: Telecom Operator
Industry: Telecommunications
Location: France
Customers Affected: Business customers, Consumer services
Entity Name: Orange Belgium
Entity Type: Telecommunications Provider
Industry: Telecommunications
Location: Belgium
Customers Affected: 850,000
Entity Name: Orange Belgique
Entity Type: opérateur de télécommunications
Industry: télécommunications
Location: Belgique
Customers Affected: 850.000
Entity Name: Orange Business Services U.S., Inc. (OBS)
Entity Type: Corporation
Industry: Telecommunications / IT Services
Location: United States
Customers Affected: 6,567 individuals (including 9 Maine residents)
Entity Name: Orange Silicon Valley, LLC (OSV)
Entity Type: Subsidiary
Industry: Telecommunications / IT Services
Location: Silicon Valley, California, USA
Entity Name: Orange SA
Entity Type: telecommunications
Industry: telecommunications
Location: France (HQ: Paris)
Size: large enterprise
Entity Name: Orange Belgium
Entity Type: subsidiary
Industry: telecommunications
Location: Belgium
Customers Affected: 850,000 (separate incident in July 2025)
Entity Name: Orange Romania
Entity Type: subsidiary
Industry: telecommunications
Location: Romania
Entity Name: Orange Belgium
Entity Type: Opérateur télécom
Industry: Télécommunications
Location: Belgique
Customers Affected: Clients particuliers et professionnels (nombre non précisé)
Entity Name: Orange
Entity Type: Telecoms
Industry: Telecommunications
Location: France
Customers Affected: Corporate customers and some consumer services
Containment Measures: The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems.
Containment Measures: Identified and neutralised the majority of the unauthorised access
Communication Strategy: Posted a message on the social networking platform X
Incident Response Plan Activated: True
Third Party Assistance: Orange Cyberdefense.
Containment Measures: Isolated potentially affected services
Recovery Measures: Gradual reopening of services and platforms
Communication Strategy: Public announcement and updates
Containment Measures: Isolate affected services
Recovery Measures: Implementing solutions to restore services
Communication Strategy: Informing and assisting affected customers
Incident Response Plan Activated: True
Containment Measures: Blocked access to the affected system
Remediation Measures: Strengthened security measures
Communication Strategy: Public statementCustomer notifications via email and text messageDedicated web page for phishing awareness
Communication Strategy: recommandation aux clients de rester vigilants face aux communications suspectes
Incident Response Plan Activated: True
Remediation Measures: collaboration with affected companiescoordination with authorities
Communication Strategy: advance notification to affected companiespublic disclosure
Incident Response Plan Activated: Oui (mesures approuvées par l'IBPT)
Third Party Assistance: Ibpt (Institut Belge Des Services Postaux Et Télécommunications).
Containment Measures: Contrôle supplémentaire via SMS de vérification pour les transferts de numéroPossibilité d'annulation par le client en répondant 'STOP'
Remediation Measures: Évaluation périodique de la mesure par l'IBPTAdaptation si nécessaire
Communication Strategy: Avis publics via l'IBPTMessages SMS aux clients concernésRecommandations de sécurité générales (double authentification, vigilance face aux messages suspects)
Incident Response Plan Activated: Yes
Law Enforcement Notified: Yes
Containment Measures: Isolation of potential attack, disruption of services
Remediation Measures: Gradual reopening of impacted services under heightened vigilance
Recovery Measures: Solutions implemented for service restoration by 2024-07-30
Communication Strategy: Public statement, customer advisories
Incident Response Plan: The company's incident response plan is described as Oui (mesures approuvées par l'IBPT), Yes.
Third-Party Assistance: The company involves third-party assistance in incident response through Orange Cyberdefense, , IBPT (Institut Belge des services Postaux et Télécommunications), .
Type of Data Compromised: Contact name, Email, Phone number, Company name, Solution name
Personally Identifiable Information: Contact NameEmailPhone Number
Type of Data Compromised: Customer records, Email addresses, User data, Source code, Invoices, Internal documents, Contracts, Employee details, Credit cards, Messages, Call logs, Other personal information
Sensitivity of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes
Type of Data Compromised: Personal data (names, telephone numbers), Sim-related data (sim card numbers, puk codes), Service data (tariff plans)
Number of Records Exposed: 850,000
Sensitivity of Data: Moderate (no critical data like passwords or financial details, but PUK codes are sensitive)
Personally Identifiable Information: NamesTelephone numbers
Type of Data Compromised: Informations personnelles (non critiques)
Number of Records Exposed: 850.000
Sensitivity of Data: faible à modérée (pas de données financières ou d'authentification)
Data Exfiltration: probable (accès confirmé, mais exfiltration non explicitement mentionnée)
Personally Identifiable Information: nomprénomnuméro de téléphone
Type of Data Compromised: Personally identifiable information (pii)
Number of Records Exposed: 6,567
Sensitivity of Data: High
Data Exfiltration: Yes (unauthorized access)
Personally Identifiable Information: Social Security numbers
Type of Data Compromised: Business customer data, Outdated data, Low-sensitivity data
Sensitivity of Data: low
Data Encryption: True
Type of Data Compromised: Données personnelles (non détaillées), Numéros de téléphone
Sensitivity of Data: Élevée (risque d'usurpation d'identité et de fraude)
Data Exfiltration: Probable (utilisation des données par des escrocs)
Personally Identifiable Information: Numéros de téléphoneAutres données personnelles (non spécifiées)
Data Exfiltration: No evidence of data extraction
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Strengthened security measures, , collaboration with affected companies, coordination with authorities, , Évaluation périodique de la mesure par l'IBPT, Adaptation si nécessaire, , Gradual reopening of impacted services under heightened vigilance.
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems., identified and neutralised the majority of the unauthorised access, , isolated potentially affected services, isolate affected services, , blocked access to the affected system, , contrôle supplémentaire via sms de vérification pour les transferts de numéro, possibilité d'annulation par le client en répondant 'stop', , isolation of potential attack and disruption of services.
Ransomware Strain: Nefilim
Ransomware Strain: Warlock
Data Encryption: True
Data Exfiltration: True
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Gradual reopening of services and platforms, Implementing solutions to restore services, , Solutions implemented for service restoration by 2024-07-30.
Legal Actions: Filed a complaint for 'attack on its information system'
Regulatory Notifications: Filed notices with relevant authorities
Legal Actions: Official complaint filed with judicial authorities,
Regulatory Notifications: Relevant authorities alerted
Legal Actions: plainte déposée
Regulatory Notifications: Maine Office of the Attorney General
Regulatory Notifications: French national authorities (disclosed late July 2025)
Regulatory Notifications: Notification et collaboration avec l'IBPT pour les mesures correctives
Legal Actions: Complaint filed
Regulatory Notifications: Relevant authorities alerted
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Filed a complaint for 'attack on its information system', Official complaint filed with judicial authorities, , plainte déposée, Complaint filed.
Lessons Learned: Nécessité de renforcer les procédures de vérification d'identité pour les transferts de numéro, Importance de la communication proactive avec les clients en cas de risque de fraude, Sensibilisation accrue des utilisateurs aux risques de SIM swapping et d'usurpation d'identité
Recommendations: Customers advised to monitor for phishing attempts, Company likely reviewing access controls and system segmentationCustomers advised to monitor for phishing attempts, Company likely reviewing access controls and system segmentation
Recommendations: Rester vigilants face à toute communication suspecte (ex. phishing).
Recommendations: Activer la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphone
Key Lessons Learned: The key lessons learned from past incidents are Nécessité de renforcer les procédures de vérification d'identité pour les transferts de numéro,Importance de la communication proactive avec les clients en cas de risque de fraude,Sensibilisation accrue des utilisateurs aux risques de SIM swapping et d'usurpation d'identité.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Rester vigilants face à toute communication suspecte (ex. phishing)..
Source: Social networking platform X
Source: TechRadar Pro
Source: Orange Belgium Public Statement
Date Accessed: August 2023
Source: Annonce publique d'Orange Belgique
Source: Maine Office of the Attorney General
Source: IBPT (Institut Belge des services Postaux et Télécommunications)
Source: Orange Statement
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Social networking platform X, and Source: OrangeDate Accessed: 2023-07-31, and Source: TechRadar Pro, and Source: Orange Belgium Public StatementDate Accessed: August 2023, and Source: Annonce publique d'Orange Belgique, and Source: Maine Office of the Attorney General, and Source: BloombergDate Accessed: 2025-01-01, and Source: Orange SA spokesperson statementDate Accessed: 2025-08-15, and Source: IBPT (Institut Belge des services Postaux et Télécommunications), and Source: Orange Statement.
Investigation Status: Ongoing
Investigation Status: Ongoing (no updates on root cause or relation to Orange Group incident)
Investigation Status: en cours (plainte déposée, détails limités)
Investigation Status: ongoing (as of August 2025)
Investigation Status: Mesures correctives en cours (évaluation périodique par l'IBPT)
Investigation Status: Ongoing
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Posted A Message On The Social Networking Platform X, Public announcement and updates, Informing And Assisting Affected Customers, Public Statement, Customer Notifications Via Email And Text Message, Dedicated Web Page For Phishing Awareness, recommandation aux clients de rester vigilants face aux communications suspectes, Advance Notification To Affected Companies, Public Disclosure, Avis Publics Via L'Ibpt, Messages Sms Aux Clients Concernés, Recommandations De Sécurité Générales (Double Authentification, Vigilance Face Aux Messages Suspects), Public statement and customer advisories.
Stakeholder Advisories: Customers Notified Via Email And Text Message.
Customer Advisories: Warning about potential phishing attemptsDedicated web page for guidance
Customer Advisories: Recommandation de vigilance contre les communications suspectes.
Stakeholder Advisories: Affected Companies Notified In Advance.
Stakeholder Advisories: Avis Public De L'Ibpt Sur Les Risques De Fraude, Recommandations De Sécurité Pour Tous Les Utilisateurs De Services Télécoms.
Customer Advisories: SMS de vérification envoyé depuis le 5000 (particuliers) ou 5995 (professionnels) en cas de demande de transfert de numéroInstructions pour annuler une demande frauduleuse en répondant 'STOP'Conseils généraux de sécurité (double authentification, vigilance)
Customer Advisories: Affected customers informed and supported
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customers Notified Via Email And Text Message, Warning About Potential Phishing Attempts, Dedicated Web Page For Guidance, , Recommandation de vigilance contre les communications suspectes., Affected Companies Notified In Advance, Avis Public De L'Ibpt Sur Les Risques De Fraude, Recommandations De Sécurité Pour Tous Les Utilisateurs De Services Télécoms, Sms De Vérification Envoyé Depuis Le 5000 (Particuliers) Ou 5995 (Professionnels) En Cas De Demande De Transfert De Numéro, Instructions Pour Annuler Une Demande Frauduleuse En Répondant 'Stop', Conseils Généraux De Sécurité (Double Authentification, Vigilance), and Affected customers informed and supported.
High Value Targets: Business Customer Data,
Data Sold on Dark Web: Business Customer Data,
High Value Targets: Données Clients (Numéros De Téléphone Et Informations Personnelles),
Data Sold on Dark Web: Données Clients (Numéros De Téléphone Et Informations Personnelles),
Corrective Actions: Strengthened Security Measures (Unspecified),
Root Causes: Failles Dans La Protection Des Données Clients, Procédures De Vérification Insuffisantes Pour Les Transferts De Numéro,
Corrective Actions: Ajout D'Un Contrôle Sms Pour Les Transferts De Numéro, Évaluation Périodique Par L'Ibpt, Sensibilisation Des Clients,
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Orange Cyberdefense, , Ibpt (Institut Belge Des Services Postaux Et Télécommunications), .
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Strengthened Security Measures (Unspecified), , Ajout D'Un Contrôle Sms Pour Les Transferts De Numéro, Évaluation Périodique Par L'Ibpt, Sensibilisation Des Clients, .
Last Attacking Group: The attacking group in the last incident were an Nefilim ransomware group, Babuk ransomware gang, Salt TyphoonChinese state-sponsored group, Warlock (ransomware-as-a-service group) and Escrocs / Cybercriminels (non identifiés).
Most Recent Incident Detected: The most recent incident detected was on 2023-07-28.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-07-31T00:00:00Z.
Most Recent Incident Resolved: The most recent incident resolved was on 2024-07-30.
Most Significant Data Compromised: The most significant data compromised in an incident were Data from about 20 customers on its virtual hosting service was accessed., Contact Name, Email, Phone Number, Company Name, Solution Name, , customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, other personal information, , Customer names (first and last), Telephone numbers, SIM card numbers, PUK (Personal Unblocking Key) codes, Tariff plans, , nom, prénom, numéro de téléphone, numéro de carte SIM, code PUK, plan tarifaire, , Social Security numbers, , business customer data, outdated/low-sensitivity data, , Données personnelles des clients (non précisées), Numéros de téléphone, and No evidence of data extraction.
Most Significant System Affected: The most significant system affected in an incident were IP network coordination centre and and Management servicesPlatformsConsumer services and An IT system containing customer data and un système informatique (non spécifié) and Orange Silicon Valley, LLC (OSV) servers and internal systems and Systèmes informatiques d'Orange Belgium (partiellement)Procédures de transfert de numéro and .
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was orange cyberdefense, , ibpt (institut belge des services postaux et télécommunications), .
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems., Identified and neutralised the majority of the unauthorised access, Isolated potentially affected services, Isolate affected services, Blocked access to the affected system, Contrôle supplémentaire via SMS de vérification pour les transferts de numéroPossibilité d'annulation par le client en répondant 'STOP', Isolation of potential attack and disruption of services.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, SIM card numbers, Phone Number, call logs, numéro de carte SIM, invoices, Solution Name, numéro de téléphone, employee details, Customer names (first and last), user data, Contact Name, prénom, contracts, Company Name, Numéros de téléphone, messages, Telephone numbers, nom, Données personnelles des clients (non précisées), plan tarifaire, Tariff plans, Data from about 20 customers on its virtual hosting service was accessed., internal documents, outdated/low-sensitivity data, No evidence of data extraction, customer records, credit cards, PUK (Personal Unblocking Key) codes, source code, code PUK, other personal information, business customer data, Email and email addresses.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 857.4K.
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Filed a complaint for 'attack on its information system', Official complaint filed with judicial authorities, , plainte déposée, Complaint filed.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Sensibilisation accrue des utilisateurs aux risques de SIM swapping et d'usurpation d'identité.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Surveiller les activités suspectes sur les comptes liés au numéro de téléphone, Être vigilant face aux appels ou messages suspects, Limiter la publication d'informations personnelles sur les réseaux sociaux, Customers advised to monitor for phishing attempts, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Rester vigilants face à toute communication suspecte (ex. phishing)., Company likely reviewing access controls and system segmentation and Activer la double authentification pour les services en ligne.
Most Recent Source: The most recent source of information about an incident are Orange SA spokesperson statement, IBPT (Institut Belge des services Postaux et Télécommunications), TechRadar Pro, Bloomberg, Orange Belgium Public Statement, Maine Office of the Attorney General, Annonce publique d'Orange Belgique, Orange Statement, Orange and Social networking platform X.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Customers notified via email and text message, affected companies notified in advance, Avis public de l'IBPT sur les risques de fraude, Recommandations de sécurité pour tous les utilisateurs de services télécoms, .
Most Recent Customer Advisory: The most recent customer advisory issued were an Warning about potential phishing attemptsDedicated web page for guidance, Recommandation de vigilance contre les communications suspectes., SMS de vérification envoyé depuis le 5000 (particuliers) ou 5995 (professionnels) en cas de demande de transfert de numéroInstructions pour annuler une demande frauduleuse en répondant 'STOP'Conseils généraux de sécurité (double authentification, vigilance) and Affected customers informed and supported.
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Failles dans la protection des données clientsProcédures de vérification insuffisantes pour les transferts de numéro.
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Strengthened security measures (unspecified), Ajout d'un contrôle SMS pour les transferts de numéroÉvaluation périodique par l'IBPTSensibilisation des clients.
.png)
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.
Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.
Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.
Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition.
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid