Orange Belgium, a major telecom operator, suffered a cyberattack targeting its IT systems, raising concerns over potential theft of customer phone numbers. The attack exposed vulnerabilities where fraudsters could exploit stolen customer data to impersonate legitimate users and hijack phone numbers via SIM-swap fraud. Once in control of a victim’s number, attackers could intercept verification codes (e.g., for password resets, email, social media, or payment systems), enabling broader fraudulent activities like account takeovers or financial theft. The Belgian telecom regulator (IBPT) responded by mandating an additional verification step—sending an SMS alert to customers for any number-transfer requests, allowing them to block unauthorized changes by replying 'STOP'. While no large-scale data breach (e.g., financial or sensitive personal records) was confirmed, the attack disrupted trust in Orange’s security, forced operational changes, and posed reputational and financial risks due to potential downstream fraud. Customers were urged to enable multi-factor authentication and scrutinize suspicious communications, highlighting the attack’s secondary impact on user behavior and operational processes.

Orange Hit by Ransomware Attack as Warlock Gang Leaks Stolen Business Data French telecommunications giant Orange has confirmed a ransomware attack by the cybercriminal group Warlock, which resulted in the theft and publication of business customer data. The breach, disclosed to national authorities in late July, saw approximately four gigabytes of data posted to the dark web in mid-August. According to sources familiar with the incident, the attack targeted Orange’s internal systems using ransomware leased by Warlock a group known for providing its malware to other hackers in exchange for a cut of ransom payments. While Orange acknowledged the data leak, a spokesperson stated that the compromised information was "outdated or low-sensitivity" and that affected businesses were notified prior to the public release. The company is collaborating with authorities and impacted clients to mitigate the fallout. This incident marks the third major breach for Orange in 2024. In July, attackers accessed customer data from its Belgian division, while a separate attack exposed employee records from its Romanian operations on the dark web. Telecom providers remain prime targets for cybercriminals due to the vast amounts of financial, government, and corporate data they handle. The repeated attacks on Orange underscore the growing threat to critical infrastructure in the sector.

Orange Telecom Hit by Warlock Ransomware Attack, Customer Data Leaked on Dark Web In late July 2025, French telecommunications giant Orange SA disclosed a ransomware attack on its internal systems to national authorities. The breach, attributed to the cybercriminal group Warlock, resulted in the theft of business customer data, approximately 4GB of which was published on the dark web in mid-August. The attack targeted Orange’s infrastructure, though specific details about the compromised systems remain undisclosed. The incident highlights the ongoing threat posed by ransomware gangs to critical infrastructure providers. Orange, headquartered in Paris, has not publicly commented on the ransom demands or the full extent of the data exposed. The breach underscores the persistent risks faced by major corporations, particularly in sectors handling sensitive customer information. Authorities are likely investigating the incident as part of broader efforts to combat cybercrime.

Telecom Sector Faces Surge in Ransomware Attacks, Data Theft in 2025 The telecom industry has become a prime target for cybercriminals, with ransomware attacks quadrupling from 24 incidents in 2022 to 90 in 2025, according to a recent threat intelligence report by Cyble. The sector’s critical role in national infrastructure and its vast stores of subscriber data make it a lucrative target for hackers, who exploit vulnerabilities in internet-facing systems and third-party dependencies. In late 2025, cybercriminals advertised stolen administrator credentials for a major U.S. telecom firm on the dark web for $4,000. The DragonForce ransomware gang also claimed to have exfiltrated over five terabytes of data from another U.S. telecom provider, though no evidence was provided. Cyble identified 444 data theft incidents in the sector, including 133 listings of stolen databases containing sensitive customer and operational information. The majority of attacks in 2025 were attributed to a handful of ransomware groups, with Qilin leading, followed by Akira and Play. High-profile victims included British telecom giant Orange. Roughly 70% of attacks targeted companies in the Americas, with Europe, Asia-Pacific, and the Middle East and Africa also affected. Cyble’s report highlighted that many attacks were enabled by the rapid exploitation of zero-day vulnerabilities in network equipment. Nation-state hackers and hacktivist groups further compounded the threat, using DDoS attacks and website defacements to disrupt operations. The telecom sector’s security posture remains a concern for businesses across industries, given its role in enabling secure communications.

Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.

Orange Belgium disclosed a cyberattack discovered in late July 2024, compromising data from 850,000 customer accounts. The breach exposed non-critical but sensitive personal information, including names, first names, telephone numbers, SIM card numbers, and PUK (Personal Unblocking Key) codes—8-digit security codes used to unblock SIM cards. The company confirmed that no passwords, email addresses, banking, or financial details were accessed. Upon detection, Orange Belgium blocked access to the affected system, reinforced security measures, and notified relevant authorities, filing an official complaint. Customers were alerted via email and SMS, with warnings to stay vigilant against potential phishing attempts via a dedicated webpage. The attack’s connection to a prior incident at parent company Orange Group (detected on July 25, with no confirmed customer data extraction) remains unconfirmed. The nature of the attack (e.g., method, perpetrator) was not disclosed.

French Telecom Operators Fined for Data Breaches as Global Privacy Regulations Tighten French telecom operators have been hit with fines for data breaches, underscoring heightened enforcement of data protection laws in Europe. The penalties, issued by France’s National Commission on Information and Liberties (CNIL), reflect stricter scrutiny under the GDPR, which mandates robust security measures and timely breach notifications. Meanwhile, Taiwan’s AI Basic Act officially took effect, establishing a legal framework for artificial intelligence that balances innovation with privacy protections. The law introduces guidelines for AI development, including transparency and accountability requirements for organizations handling personal data. In China, the Cyberspace Administration has launched a public consultation on proposed rules for personal information collection, signaling further regulatory evolution in data governance. The draft aims to refine existing privacy laws, potentially imposing new compliance obligations on businesses operating in the region. These developments coincide with broader global shifts in data protection: - Kentucky’s Consumer Data Protection Act (2024) has come into force in the U.S., expanding state-level privacy rights for residents. - The UK’s Information Commissioner’s Office (ICO) and California’s Privacy Protection Agency continue to enforce stringent breach response protocols, with updated guidance for organizations. - The Taiwan Financial Supervisory Commission and U.S. Federal Trade Commission (FTC) are also ramping up oversight, reflecting a trend toward cross-border regulatory alignment. The fines in France and the rollout of Taiwan’s AI Act highlight the growing intersection of cybersecurity, privacy, and emerging technologies, with regulators prioritizing both enforcement and proactive compliance. Organizations face increasing pressure to adapt to evolving legal landscapes or risk significant penalties.

An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.

The cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France. The cyberattack affected thousands of internet users across Europe amid the Ukraine-Russia war. Nearly 9,000 subscribers were affected by this internet outage.

French telecommunications company Orange S.A.was targeted by a Nefilim ransomware group which resulted in data loss. The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems. The data from about 20 customers on its virtual hosting service was accessed by those behind the ransomware attack.