- Orange is notifying users of data violation
- A threat actor stole names, emails and more, in 850,000 people
- An investigation is ongoing
Orange Belgium has confirmed the suffering of a cyber attack in which the attackers stole confidential data on hundreds of thousands of users.
In a press release published on the company’s website, Orange Belgium confirmed the violation, and said he saw the intrusion at the end of July 2025. After overthrowing the attackers, hardening their controls, notifying the police and launching an investigation, Orange determined that the attackers managed to remove data in 850,000 of their clients.
The data includes full names, telephone numbers, SIM card numbers, Puk codes and rate plans. No passwords, email addresses or financial information were accessed, it was said. Apparently, affected people were notified by email or SMS.
Without typhoons
Orange did not discuss who threat actors were, or if it was a ransomware attack or a simple crushing and clarifying data.
In a statement, the company said the attack was not linked to the Chinese adversaries ‘Typhoon’ who have been pointing to telecommunications suppliers in the West for some time.
He also said he knows who the attackers are, but since the investigation is currently in progress, he cannot share it with the public.
A subsidiary of the global telecommunications giant, Orange Belgium, is an important telecommunications provider in the country, which serves approximately 3.5 million post -paid mobile subscribers and approximately one million cable subscribers.
The parent company is also often directed by different cybercriminals.
At the end of February 2025, a member of the Hellcat Ransomware Organization, aka King, had access to a “non -critical application”, belonging to Orange Romania, after obtaining access by exploiting credentials and defects committed to Jira.
Less than a month later, the same subsidiary suffered a second violation, and in January, Orange Spain suffered an “important interruption” after a threat actor who performs the alias “snow” obtained a “ridiculously weak” password for an account that manages the global routing table and controls the networks delivered by the company’s internet traffic.
Through Bleepingcomputer
