Company Details
orange-cyberdefense
3,951
221,341
5415
orangecyberdefense.com
0
ORA_2498266
In-progress

Orange Cyberdefense Company CyberSecurity Posture
Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group. As the leading security provider, we strive to build a safer digital society.
Between 700 and 749

Orange Cyberdefense Global Score (TPRM)

Description: Orange Belgium disclosed a cyberattack discovered in late July 2024, compromising data from **850,000 customer accounts**. The breach exposed non-critical but sensitive personal information, including **names, first names, telephone numbers, SIM card numbers, and PUK (Personal Unblocking Key) codes**—8-digit security codes used to unblock SIM cards. The company confirmed that **no passwords, email addresses, banking, or financial details** were accessed. Upon detection, Orange Belgium blocked access to the affected system, reinforced security measures, and notified relevant authorities, filing an official complaint. Customers were alerted via email and SMS, with warnings to stay vigilant against potential phishing attempts via a dedicated webpage. The attack’s connection to a prior incident at parent company **Orange Group** (detected on July 25, with no confirmed customer data extraction) remains unconfirmed. The nature of the attack (e.g., method, perpetrator) was not disclosed.
Description: Orange Belgique, a telecommunications operator and subsidiary of the French Orange Group, detected a cyberattack in late July 2024 that compromised a system containing non-critical customer data. The breach exposed personal information of approximately **850,000 clients**, including **names, surnames, phone numbers, SIM card numbers, PUK codes, and tariff plans**. The company confirmed that **no critical data**—such as passwords, email addresses, or banking details—was accessed or stolen. Despite the limited scope of the exposed data, Orange Belgique filed a complaint with judicial authorities and advised customers to remain cautious against phishing or suspicious communications. The incident highlights vulnerabilities in the operator’s infrastructure, though the financial and operational impact appears contained due to the absence of high-risk data exposure.
Description: Orange Belgium, a major telecom operator, suffered a cyberattack targeting its IT systems, raising concerns over potential **theft of customer phone numbers**. The attack exposed vulnerabilities where fraudsters could exploit stolen customer data to impersonate legitimate users and **hijack phone numbers via SIM-swap fraud**. Once in control of a victim’s number, attackers could intercept **verification codes** (e.g., for password resets, email, social media, or payment systems), enabling broader fraudulent activities like account takeovers or financial theft. The Belgian telecom regulator (IBPT) responded by mandating an **additional verification step**—sending an SMS alert to customers for any number-transfer requests, allowing them to block unauthorized changes by replying 'STOP'. While no large-scale data breach (e.g., financial or sensitive personal records) was confirmed, the attack **disrupted trust in Orange’s security**, forced operational changes, and posed **reputational and financial risks** due to potential downstream fraud. Customers were urged to enable multi-factor authentication and scrutinize suspicious communications, highlighting the attack’s **secondary impact on user behavior and operational processes**.
Description: The cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France. The cyberattack affected thousands of internet users across Europe amid the Ukraine-Russia war. Nearly 9,000 subscribers were affected by this internet outage.
Description: The telecommunications company Orange reported being a victim of a cyberattack on Friday, affecting one of its information systems. This attack caused service disruptions for some of its corporate clients and a few public services, mainly in France. The company has filed a complaint and stated that as of the current stage of investigations, there is no indication that any customer or company data has been exfiltrated. Services and management platforms are expected to gradually reopen by Wednesday morning.
Description: Orange Group, a leading telecom operator, faced a cyberattack that disrupted its services. The attack, detected on July 25, forced the company to isolate potentially affected services, leading to temporary disruptions for business customers and a few consumer services in France. Although no data exfiltration or tampering was reported, the disruptions impacted various management services and platforms. The company implemented solutions to restore services and filed complaints with regulators and authorities.
Description: An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.
Description: French telecommunications company Orange S.A. was targeted by a Nefilim ransomware group which resulted in data loss. The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems. The data from about 20 customers on its virtual hosting service was accessed by those behind the ransomware attack.
Description: Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.
Description: A criminal hacking gang, identified as Warlock, executed a ransomware attack on **Orange SA**, a major French telecommunications company, in late July 2025. The attackers breached internal systems, exfiltrating approximately **4 GB of business customer data**, which was later published on the dark web in mid-August. While Orange claimed the stolen data was **outdated or of low sensitivity**, the incident follows prior breaches in 2025, including a July attack on **850,000 customer accounts** in its Belgian division and a separate leak of **employee data in Romania**. The Warlock group, known for leasing ransomware to affiliate hackers, encrypted Orange’s systems and demanded payment for decryption. Orange collaborated with affected companies and authorities, notifying impacted parties before the data’s public release. Telecommunications firms remain high-value targets due to their repositories of **financial, governmental, and corporate communication data**, amplifying risks of reputational damage, regulatory scrutiny, and operational disruption.
Description: On March 17, 2022, Orange Business Services U.S., Inc. (OBS) discovered a data breach involving unauthorized access to servers belonging to its subsidiary, Orange Silicon Valley, LLC (OSV), which had occurred on January 4, 2022. The incident compromised sensitive personal information of **6,567 individuals**, including **9 Maine residents**, with exposed data including **Social Security numbers (SSNs)**—a high-value target for identity theft and financial fraud. The breach highlights a significant security lapse, as SSNs are critical identifiers that can enable long-term fraud, financial exploitation, and reputational damage for affected individuals. While the exact method of unauthorized access was not detailed, the exposure of such sensitive data suggests a failure in access controls, monitoring, or incident response protocols. The delay between the breach (January 4) and its discovery (March 17)—over **two months**—further exacerbates the risk, as threat actors could have exploited the stolen data during this period. The incident underscores the broader implications for Orange Business Services, including potential **legal liabilities** under data protection laws (e.g., GDPR, state-level breach notification statutes), **regulatory scrutiny**, and **loss of customer trust**. Given the nature of the exposed data, affected individuals face heightened risks of identity theft, phishing attacks, and financial fraud, necessitating credit monitoring and remediation efforts.
Description: Orange Cyberdefense apparently suffered a data breach incident after a popular forum offered data allegedly from their firm. Data in the sample included Contact Name, Email, Phone Number, Company Name, and Solution Name. The listing also offered to sell access to Orange Cyberdefense’s servers.


No incidents recorded for Orange Cyberdefense in 2025.
Orange Cyberdefense cyber incidents detection timeline including parent company and subsidiaries



South Africa recorded 110 cybercrime incidents in five years, the highest in Africa. Experts warn of rising ransomware threats and...
SCUT, Romania's newest cybersecurity company, has officially launched the concept of the digital cyber shield — a unified approach,...
Business - SCUT, Romania's newest cybersecurity company, has introduced the concept of a digital cyber shield, a unified approach co-created...
SCUT, Romania's newest cybersecurity company, has officially launched the digital cyber shield concept, Orange Cyberdefense.
Charl van der Walt, Global Head of Security Research at Orange Cyberdefense, breaks down the PEST framework, especially on how threats are emerging for its...
Orange Cyberdefense has announced a partnership with Qevlar AI to strengthen its advanced detection services. By combining its Cyber Threat...
Orange Cyberdefense has partnered with Qevlar AI to integrate artificial intelligence into its threat monitoring systems, in a move that...
Orange Group's cybersecurity arm, Cyberdefense, has partnered with French cybersecurity startup Qevlar AI to fight cybercrime across the...
Orange Cyberdefense, the cybersecurity subsidiary of the Orange group, announced that its Security Operation Centres (SOCs) are gradually...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Orange Cyberdefense is https://orangecyberdefense.com.
According to Rankiteo, Orange Cyberdefense’s AI-generated cybersecurity score is 745, reflecting their Moderate security posture.
According to Rankiteo, Orange Cyberdefense currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Orange Cyberdefense is not certified under SOC 2 Type 1.
According to Rankiteo, Orange Cyberdefense does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Orange Cyberdefense is not listed as GDPR compliant.
According to Rankiteo, Orange Cyberdefense does not currently maintain PCI DSS compliance.
According to Rankiteo, Orange Cyberdefense is not compliant with HIPAA regulations.
According to Rankiteo, Orange Cyberdefense is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Orange Cyberdefense operates primarily in the IT Services and IT Consulting industry.
Orange Cyberdefense employs approximately 3,951 people worldwide.
Orange Cyberdefense presently has no subsidiaries across any sectors.
Orange Cyberdefense’s official LinkedIn profile has approximately 221,341 followers.
Orange Cyberdefense is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
No, Orange Cyberdefense does not have a profile on Crunchbase.
Yes, Orange Cyberdefense maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/orange-cyberdefense.
As of November 27, 2025, Rankiteo reports that Orange Cyberdefense has experienced 12 cybersecurity incidents.
Orange Cyberdefense has an estimated 36,305 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Cyber Attack and Ransomware.
Detection and Response: The company detects and responds to cybersecurity incidents through the following measures. Containment measures: the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems; identified and neutralised the majority of the unauthorised access; isolated potentially affected services; isolated affected services; blocked access to the affected system; an additional check via a verification SMS for number transfers; the option for the customer to cancel by replying 'STOP'. Recovery measures: gradual reopening of services and platforms; implementing solutions to restore services. Remediation measures: strengthened security measures; collaboration with affected companies; coordination with authorities; periodic evaluation of the measure by the IBPT; adaptation if necessary. Communication strategy: posted a message on the social networking platform X; public announcement and updates; informing and assisting affected customers; public statement; customer notifications via email and text message; dedicated web page for phishing awareness; recommendation that customers remain vigilant against suspicious communications; advance notification to affected companies; public disclosure; public notices via the IBPT; SMS messages to affected customers; general security recommendations (two-factor authentication, vigilance against suspicious messages). Third-party assistance: Orange Cyberdefense; IBPT (Institut Belge des services Postaux et Télécommunications). Incident response plan activated: yes (measures approved by the IBPT).
Title: Cyber Attack on Orange and Nordnet
Description: Cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France, affecting thousands of internet users across Europe amid the Ukraine-Russia war.
Type: Cyber Attack
Title: Orange S.A. Nefilim Ransomware Attack
Description: French telecommunications company Orange S.A. was targeted by a Nefilim ransomware group which resulted in data loss.
Type: Ransomware
Threat Actor: Nefilim ransomware group
Title: Data Breach at Orange Cyberdefense
Description: Orange Cyberdefense suffered a data breach incident after a popular forum offered data allegedly from their firm. The data in the sample included Contact Name, Email, Phone Number, Company Name, and Solution Name. The listing also offered to sell access to Orange Cyberdefense’s servers.
Type: Data Breach
Motivation: Data Theft, Financial Gain
Title: Hack Targeting Orange's Spanish Business
Description: An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.
Type: Hack
Title: Orange Telecommunications Breach by Babuk Ransomware
Description: Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.
Type: Data Breach, Ransomware
Threat Actor: Babuk ransomware gang
Title: Cyberattack on Orange Telecommunications
Description: Orange, a telecommunications group, experienced a cyberattack on one of its information systems, leading to service disruptions for some of its enterprise clients and a few public services, mainly in France.
Date Detected: 2023-07-28
Date Publicly Disclosed: 2023-07-31
Type: Cyberattack
Title: Orange warns customers of an ongoing cyberattack
Description: Orange Group, one of the world’s leading telecom operators, has warned about a cyberattack that disrupted some of its services. The attack forced it to isolate parts of its network, causing disruptions. The company detected the attack on July 25 and is implementing solutions to restore services. There was no evidence of data exfiltration or tampering.
Date Detected: 2023-07-25
Type: Cyberattack
Threat Actor: Salt Typhoon, Chinese state-sponsored group
Motivation: Disrupt services, Eavesdropping on vital communications, Exfiltrating sensitive information
Title: Orange Belgium Cyberattack Compromising Customer Data
Description: Orange Belgium announced a cyberattack discovered at the end of July 2023 that compromised data from 850,000 customer accounts. The hacker accessed an IT system containing non-critical customer data, including names, telephone numbers, SIM card numbers, PUK codes, and tariff plans. The company blocked access to the affected system, strengthened security measures, and alerted authorities. Customers were notified via email and text message and advised to watch for phishing attempts.
Date Detected: Late July 2023 (exact date unspecified)
Date Publicly Disclosed: Wednesday, August 2, 2023 (approximate, based on announcement timing)
Type: Data Breach
Title: Cyberattack at Orange Belgique affecting the data of 850,000 customers
Description: Orange Belgique, a telecommunications operator, detected a cyberattack in late July 2023. The attacker accessed an IT system containing non-critical personal data of 850,000 customers (surname, first name, telephone number, SIM card number, PUK code, tariff plan). No critical data (passwords, e-mail addresses, bank details) was compromised. A complaint was filed with the judicial authorities, and customers are urged to remain vigilant against suspicious communications.
Date Detected: late July 2023
Date Publicly Disclosed: Wednesday (exact date not specified, probably early August 2023)
Type: cyberattack (unauthorized access to data)
Title: Orange Business Services U.S., Inc. Data Breach (2022)
Description: The Maine Office of the Attorney General reported that on March 17, 2022, Orange Business Services U.S., Inc. (OBS) learned of a data breach involving unauthorized access to several Orange Silicon Valley, LLC (OSV) servers, which occurred on January 4, 2022. The breach affected 6,567 individuals, including 9 residents of Maine, whose information included Social Security numbers.
Date Detected: 2022-03-17
Type: Data Breach
Title: Ransomware Hack Hits Orange Telecom, Data Published on Dark Web
Description: A criminal hacking gang (Warlock) stole business customer data from French telecommunications company Orange SA and published ~4GB of data on the dark web in mid-August 2025. The breach was disclosed to authorities in late July 2025. Orange confirmed the data was outdated or low-sensitivity and had informed affected companies in advance. This follows separate incidents in July (Belgian customer data breach) and another involving employee data in Romania published on the dark web.
Date Detected: 2025-07-01T00:00:00Z
Date Publicly Disclosed: 2025-07-31T00:00:00Z
Type: ransomware
Attack Vector: ransomware (Warlock), system compromise
Threat Actor: Warlock (ransomware-as-a-service group)
Motivation: financial gain, data theft
Title: Cyberattack targeting Orange Belgium with risk of phone number theft
Description: A cyberattack targeted Orange Belgium's IT systems, creating a risk of phone number theft by fraudsters using customers' personal data to impersonate them. The IBPT (Institut Belge des services Postaux et Télécommunications) approved an additional control measure: a verification SMS sent to customers when a number transfer is requested, allowing them to cancel the request by replying 'STOP' if it is fraudulent. The message is sent from the number 5000 (private customers) or 5995 (business customers).
Type: Cyberattack
Attack Vector: Exploitation of stolen personal data, Social engineering, SIM swapping
Vulnerability Exploited: Weakness in identity verification procedures, Unauthorized access to customer data
Threat Actor: Fraudsters / Cybercriminals (unidentified)
Motivation: Financial fraud, Identity theft, Unauthorized access to online accounts
Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

Systems Affected: Internet Services

Data Compromised: Data from about 20 customers on its virtual hosting service was accessed.

Data Compromised: Contact name, Email, Phone number, Company name, Solution name

Systems Affected: IP network coordination centre
Operational Impact: Consumers unable to access specific websites

Data Compromised: Customer records, Email addresses, User data, Source code, Invoices, Internal documents, Contracts, Employee details, Credit cards, Messages, Call logs, Other personal information

Systems Affected: Some enterprise client services and a few public services
Downtime: Some services and management platforms will reopen gradually by Wednesday morning
Operational Impact: Service disruptions for enterprise clients and public services

Systems Affected: Management services, Platforms, Consumer services
Downtime: Temporary service disruptions, Some users completely offline

Data Compromised: Customer names (first and last), Telephone numbers, SIM card numbers, PUK (Personal Unblocking Key) codes, Tariff plans
Systems Affected: An IT system containing customer data
Brand Reputation Impact: Potential risk due to exposure of customer data and phishing warnings
Identity Theft Risk: Low (no critical data like passwords, emails, or financial details compromised, but PUK codes could enable SIM swapping)
Payment Information Risk: None (no banking or financial details exposed)

Data Compromised: Surname, First name, Telephone number, SIM card number, PUK code, Tariff plan
Systems Affected: an IT system (unspecified)
Brand Reputation Impact: potential (customers advised to remain vigilant)
Legal Liabilities: complaint filed with the judicial authorities
Identity Theft Risk: low (non-critical data, but increased phishing risk)
Payment Information Risk: none (bank details not compromised)

Data Compromised: Social security numbers
Systems Affected: Orange Silicon Valley, LLC (OSV) servers
Identity Theft Risk: High (Social Security numbers exposed)

Data Compromised: Business customer data, Outdated/low-sensitivity data
Systems Affected: internal systems
Operational Impact: limited
Brand Reputation Impact: moderate (public disclosure of breach)
Identity Theft Risk: low (data described as outdated/low-sensitivity)

Data Compromised: Customers' personal data (not specified), Phone numbers
Systems Affected: Orange Belgium IT systems (partially), Number transfer procedures
Operational Impact: Strengthened security checks for number transfers, Increased communication with customers
Brand Reputation Impact: Risk of loss of customer trust, Need for public corrective measures
Identity Theft Risk: High (theft of phone numbers for identity impersonation)
Payment Information Risk: Increased risk via access to verification codes sent by SMS
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Contact Name, Email, Phone Number, Company Name, Solution Name; Customer Records, Email Addresses, User Data, Source Code, Invoices, Internal Documents, Contracts, Employee Details, Credit Cards, Messages, Call Logs, Other Personal Information; Personal Data (Names, Telephone Numbers), SIM-Related Data (SIM Card Numbers, PUK Codes), Service Data (Tariff Plans); Personal Information (Non-Critical); Personally Identifiable Information (PII); Business Customer Data, Outdated Data, Low-Sensitivity Data; Personal Data (Not Detailed) and Phone Numbers.

Entity Name: Orange
Entity Type: Company
Industry: Telecommunications
Location: France
Customers Affected: 9000

Entity Name: Nordnet
Entity Type: Company
Industry: Internet Service Provider
Location: France
Customers Affected: 9000

Entity Name: Orange S.A.
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: France
Customers Affected: 20

Entity Name: Orange Cyberdefense
Entity Type: Company
Industry: Cybersecurity

Entity Name: Orange
Entity Type: Telecom Operator
Industry: Telecommunications
Location: Spain
Customers Affected: Unknown number

Entity Name: Orange
Entity Type: Telecommunications provider
Industry: Telecommunications

Entity Name: Orange
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: France
Customers Affected: Enterprise clients and some public services

Entity Name: Orange Group
Entity Type: Telecom Operator
Industry: Telecommunications
Location: France
Customers Affected: Business customers, Consumer services

Entity Name: Orange Belgium
Entity Type: Telecommunications Provider
Industry: Telecommunications
Location: Belgium
Customers Affected: 850,000

Entity Name: Orange Belgique
Entity Type: telecommunications operator
Industry: telecommunications
Location: Belgium
Customers Affected: 850,000

Entity Name: Orange Business Services U.S., Inc. (OBS)
Entity Type: Corporation
Industry: Telecommunications / IT Services
Location: United States
Customers Affected: 6,567 individuals (including 9 Maine residents)

Entity Name: Orange Silicon Valley, LLC (OSV)
Entity Type: Subsidiary
Industry: Telecommunications / IT Services
Location: Silicon Valley, California, USA

Entity Name: Orange SA
Entity Type: telecommunications
Industry: telecommunications
Location: France (HQ: Paris)
Size: large enterprise

Entity Name: Orange Belgium
Entity Type: subsidiary
Industry: telecommunications
Location: Belgium
Customers Affected: 850,000 (separate incident in July 2025)

Entity Name: Orange Romania
Entity Type: subsidiary
Industry: telecommunications
Location: Romania

Entity Name: Orange Belgium
Entity Type: Telecom operator
Industry: Telecommunications
Location: Belgium
Customers Affected: Private and business customers (number not specified)

Containment Measures: The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems.

Containment Measures: Identified and neutralised the majority of the unauthorised access
Communication Strategy: Posted a message on the social networking platform X

Incident Response Plan Activated: True
Third Party Assistance: Orange Cyberdefense.
Containment Measures: Isolated potentially affected services
Recovery Measures: Gradual reopening of services and platforms
Communication Strategy: Public announcement and updates

Containment Measures: Isolate affected services
Recovery Measures: Implementing solutions to restore services
Communication Strategy: Informing and assisting affected customers

Incident Response Plan Activated: True
Containment Measures: Blocked access to the affected system
Remediation Measures: Strengthened security measures
Communication Strategy: Public statementCustomer notifications via email and text messageDedicated web page for phishing awareness

Communication Strategy: recommendation to customers to remain vigilant against suspicious communications

Incident Response Plan Activated: True
Remediation Measures: collaboration with affected companies, coordination with authorities
Communication Strategy: advance notification to affected companies, public disclosure

Incident Response Plan Activated: Yes (measures approved by the IBPT)
Third Party Assistance: IBPT (Institut Belge des services Postaux et Télécommunications).
Containment Measures: Additional check via verification SMS for number transfers, Option for the customer to cancel by replying 'STOP'
Remediation Measures: Periodic evaluation of the measure by the IBPT, Adjustment if necessary
Communication Strategy: Public notices via the IBPT, SMS messages to affected customers, General security recommendations (two-factor authentication, vigilance against suspicious messages)
Incident Response Plan: The company's incident response plan is described as Yes (measures approved by the IBPT).
Third-Party Assistance: The company involves third-party assistance in incident response through Orange Cyberdefense and IBPT (Institut Belge des services Postaux et Télécommunications).

Type of Data Compromised: Contact name, Email, Phone number, Company name, Solution name
Personally Identifiable Information: Contact Name, Email, Phone Number

Type of Data Compromised: Customer records, Email addresses, User data, Source code, Invoices, Internal documents, Contracts, Employee details, Credit cards, Messages, Call logs, Other personal information
Sensitivity of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes

Type of Data Compromised: Personal data (names, telephone numbers), SIM-related data (SIM card numbers, PUK codes), Service data (tariff plans)
Number of Records Exposed: 850,000
Sensitivity of Data: Moderate (no critical data like passwords or financial details, but PUK codes are sensitive)
Personally Identifiable Information: Names, Telephone numbers

Type of Data Compromised: Personal information (non-critical)
Number of Records Exposed: 850,000
Sensitivity of Data: low to moderate (no financial or authentication data)
Data Exfiltration: likely (access confirmed, but exfiltration not explicitly mentioned)
Personally Identifiable Information: last name, first name, telephone number

Type of Data Compromised: Personally identifiable information (PII)
Number of Records Exposed: 6,567
Sensitivity of Data: High
Data Exfiltration: Yes (unauthorized access)
Personally Identifiable Information: Social Security numbers

Type of Data Compromised: Business customer data, Outdated data, Low-sensitivity data
Sensitivity of Data: low
Data Encryption: True

Type of Data Compromised: Personal data (not detailed), Telephone numbers
Sensitivity of Data: High (risk of identity theft and fraud)
Data Exfiltration: Likely (data used by scammers)
Personally Identifiable Information: Telephone numbers, Other personal data (not specified)
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Strengthened security measures, collaboration with affected companies, coordination with authorities, Periodic evaluation of the measure by the IBPT, Adjustment if necessary.
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through the following: the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems; identified and neutralised the majority of the unauthorised access; isolated potentially affected services; isolate affected services; blocked access to the affected system; additional check via verification SMS for number transfers; option for the customer to cancel by replying 'STOP'.

Ransomware Strain: Nefilim

Ransomware Strain: Warlock
Data Encryption: True
Data Exfiltration: True
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Gradual reopening of services and platforms, Implementing solutions to restore services.

Legal Actions: Filed a complaint for 'attack on its information system'

Regulatory Notifications: Filed notices with relevant authorities

Legal Actions: Official complaint filed with judicial authorities
Regulatory Notifications: Relevant authorities alerted

Legal Actions: complaint filed

Regulatory Notifications: Maine Office of the Attorney General

Regulatory Notifications: French national authorities (disclosed late July 2025)

Regulatory Notifications: Notification to and collaboration with the IBPT on corrective measures
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Filed a complaint for 'attack on its information system', Official complaint filed with judicial authorities, complaint filed.

Lessons Learned: Need to strengthen identity verification procedures for number transfers, Importance of proactive communication with customers when there is a risk of fraud, Increased user awareness of the risks of SIM swapping and identity theft

Recommendations: Customers advised to monitor for phishing attempts, Company likely reviewing access controls and system segmentation

Recommendations: Remain vigilant against any suspicious communication (e.g. phishing).

Recommendations: Enable two-factor authentication for online services, Limit the publication of personal information on social networks, Be vigilant about suspicious calls or messages, Reply 'STOP' to unsolicited verification SMS messages for number transfers, Monitor for suspicious activity on accounts linked to the phone number
Key Lessons Learned: The key lessons learned from past incidents are Need to strengthen identity verification procedures for number transfers, Importance of proactive communication with customers when there is a risk of fraud, Increased user awareness of the risks of SIM swapping and identity theft.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Remain vigilant against any suspicious communication (e.g. phishing).

Source: Social networking platform X

Source: TechRadar Pro

Source: Orange Belgium Public Statement
Date Accessed: August 2023

Source: Orange Belgium public announcement

Source: Maine Office of the Attorney General

Source: IBPT (Institut Belge des services Postaux et Télécommunications)
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Social networking platform X; Orange (Date Accessed: 2023-07-31); TechRadar Pro; Orange Belgium Public Statement (Date Accessed: August 2023); Orange Belgium public announcement; Maine Office of the Attorney General; Bloomberg (Date Accessed: 2025-01-01); Orange SA spokesperson statement (Date Accessed: 2025-08-15); IBPT (Institut Belge des services Postaux et Télécommunications).

Investigation Status: Ongoing

Investigation Status: Ongoing (no updates on root cause or relation to Orange Group incident)

Investigation Status: in progress (complaint filed, limited details)

Investigation Status: ongoing (as of August 2025)

Investigation Status: Corrective measures in progress (periodic evaluation by the IBPT)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Posted a message on the social networking platform X, Public announcement and updates, Informing and assisting affected customers, Public statement, Customer notifications via email and text message, Dedicated web page for phishing awareness, Recommendation to customers to remain vigilant against suspicious communications, Advance notification to affected companies, Public disclosure, Public notices via the IBPT, SMS messages to affected customers, General security recommendations (two-factor authentication and vigilance against suspicious messages).

Stakeholder Advisories: Customers Notified Via Email And Text Message.
Customer Advisories: Warning about potential phishing attempts, Dedicated web page for guidance

Customer Advisories: Recommendation to stay vigilant against suspicious communications.

Stakeholder Advisories: Affected Companies Notified In Advance.

Stakeholder Advisories: IBPT public notice on fraud risks, Security recommendations for all users of telecom services.
Customer Advisories: Verification SMS sent from 5000 (residential customers) or 5995 (business customers) when a number transfer is requested, Instructions to cancel a fraudulent request by replying 'STOP', General security advice (two-factor authentication, vigilance)
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Customers notified via email and text message, Warning about potential phishing attempts, Dedicated web page for guidance, Recommendation to stay vigilant against suspicious communications, Affected companies notified in advance, IBPT public notice on fraud risks, Security recommendations for all users of telecom services, Verification SMS sent from 5000 (residential customers) or 5995 (business customers) when a number transfer is requested, Instructions to cancel a fraudulent request by replying 'STOP', General security advice (two-factor authentication, vigilance).

High Value Targets: Business Customer Data
Data Sold on Dark Web: Business Customer Data

High Value Targets: Customer data (telephone numbers and personal information)
Data Sold on Dark Web: Customer data (telephone numbers and personal information)

Corrective Actions: Strengthened Security Measures (Unspecified)

Root Causes: Weaknesses in customer data protection, Insufficient verification procedures for number transfers
Corrective Actions: Addition of an SMS check for number transfers, Periodic evaluation by the IBPT, Customer awareness-raising
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Orange Cyberdefense, IBPT (Institut Belge des services Postaux et Télécommunications).
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Strengthened security measures (unspecified), Addition of an SMS check for number transfers, Periodic evaluation by the IBPT, Customer awareness-raising.
Last Attacking Group: The attacking groups in the last incident were Nefilim ransomware group, Babuk ransomware gang, Salt Typhoon, Chinese state-sponsored group, Warlock (ransomware-as-a-service group) and Scammers / Cybercriminals (unidentified).
Most Recent Incident Detected: The most recent incident detected was on 2023-07-28.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-07-31T00:00:00Z.
Most Significant Data Compromised: The most significant data compromised in an incident were: Data from about 20 customers on its virtual hosting service was accessed; Contact Name, Email, Phone Number, Company Name, Solution Name; customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, other personal information; Customer names (first and last), Telephone numbers, SIM card numbers, PUK (Personal Unblocking Key) codes, Tariff plans; last name, first name, telephone number, SIM card number, PUK code, tariff plan; Social Security numbers; business customer data, outdated/low-sensitivity data; Customer personal data (not specified), Telephone numbers.
Most Significant System Affected: The most significant systems affected in an incident were: IP network coordination centre; Management services, Platforms, Consumer services; An IT system containing customer data; an IT system (not specified); Orange Silicon Valley, LLC (OSV) servers; internal systems; Orange Belgium IT systems (partially), Number transfer procedures.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Orange Cyberdefense, IBPT (Institut Belge des services Postaux et Télécommunications).
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems., Identified and neutralised the majority of the unauthorised access, Isolated potentially affected services, Isolate affected services, Blocked access to the affected system, Additional check via verification SMS for number transfers, and Option for the customer to cancel by replying 'STOP'.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were SIM card numbers, other personal information, contracts, business customer data, Solution Name, invoices, telephone number, Telephone numbers, messages, employee details, internal documents, Social Security numbers, Phone Number, source code, Customer personal data (not specified), Email, Data from about 20 customers on its virtual hosting service was accessed., PUK (Personal Unblocking Key) codes, first name, SIM card number, last name, outdated/low-sensitivity data, credit cards, Customer names (first and last), Tariff plans, Telephone numbers, email addresses, call logs, user data, PUK code, tariff plan, Company Name, Contact Name and customer records.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 857.4K.
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Filed a complaint for 'attack on its information system', Official complaint filed with judicial authorities, complaint filed.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Increased user awareness of the risks of SIM swapping and identity theft.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Customers advised to monitor for phishing attempts, Reply 'STOP' to unsolicited verification SMS messages for number transfers, Be vigilant about suspicious calls or messages, Company likely reviewing access controls and system segmentation, Remain vigilant against any suspicious communication (e.g. phishing), Enable two-factor authentication for online services, Limit the publication of personal information on social networks and Monitor for suspicious activity on accounts linked to the phone number.
Most Recent Source: The most recent sources of information about an incident are Maine Office of the Attorney General, Orange Belgium public announcement, Orange, TechRadar Pro, Orange SA spokesperson statement, IBPT (Institut Belge des services Postaux et Télécommunications), Bloomberg, Orange Belgium Public Statement and Social networking platform X.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Customers notified via email and text message, affected companies notified in advance, IBPT public notice on fraud risks, Security recommendations for all users of telecom services.
Most Recent Customer Advisory: The most recent customer advisories issued were Warning about potential phishing attempts, Dedicated web page for guidance, Recommendation to stay vigilant against suspicious communications, Verification SMS sent from 5000 (residential customers) or 5995 (business customers) when a number transfer is requested, Instructions to cancel a fraudulent request by replying 'STOP', General security advice (two-factor authentication and vigilance).
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Weaknesses in customer data protection, Insufficient verification procedures for number transfers.
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Strengthened security measures (unspecified), Addition of an SMS check for number transfers, Periodic evaluation by the IBPT, Customer awareness-raising.
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL is protocol-relative (starts with //), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
