Orange hacked again. 1.3 million customers have their personal data stolen

Orange French telephone company Orange must have something of a red face right now, as it has found itself in the embarrassing position of admitting that hackers have made away with customer information for the second time this year.

In the latest security breach, hackers managed to seize the names, email addresses, phone numbers, dates of birth and other information related to a jaw-dropping 1.3 million current and potential customers.

Orange says that it detected the hack against a platform used by the company to send promotional emails and text messages on April 18th, but has kept quiet until this week as it wanted to ensure that the security holes used by the attackers to breach the phone company’s systems had been patched.

An obvious concern is that the attackers could use the information in phishing attacks targeting Orange’s current and potential customers, creating convincing-looking emails which might fool the unwary into believing they are legitimate messages from the telecoms company.

Sign up to our free newsletter.
Security news, advice, and tips.

Earlier this year, Lisa Vaas reported for this site that the personal data of 3% of Orange’s customers – a little less than 800,000 people – was “chiseled out of its databases”.

Reuters reports that the hacks are particularly embarrassing for the telecoms company’s CEO Stephane Richard, who has been taking a strong public stand on data security and privacy:

At a company event in November showcasing Orange’s innovations, Richard signed a charter on data protection in which Orange pledged to always keep its customers’ information safe, among other engagements.

To massively misquote Oscar Wilde: “To lose your customers’ data once may be regarded as a misfortune; to lose it twice begins to look like carelessness.”

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Orange hacked again. 1.3 million customers have their personal data stolen”

  1. Joey L

    I think some time needs to be spent on explaining that security enforcement isn't purely the realm of the security team, but that it is everybody's responsibility.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.