Orange hacked again. 1.3 million customers have their personal data stolen

OrangeFrench telephone company Orange must have something of a red face right now, as it has found itself in the embarrassing position of admitting that hackers have made away with customer information for the second time this year.

In the latest security breach, hackers managed to seize the names, email addresses, phone numbers, dates of birth and other information related to a jaw-dropping 1.3 million current and potential customers.

Orange says that it detected the hack against a platform used by the company to send promotional emails and text messages on April 18th, but has kept quiet until this week as it wanted to ensure that the security holes used by the attackers to breach the phone company’s systems had been patched.

An obvious concern is that the attackers could use the information in phishing attacks targeting Orange’s current and potential customers, creating convincing-looking emails which might fool the unwary into believing they are legitimate messages from the telecoms company.

Sign up to our free newsletter.
Security news, advice, and tips.

Earlier this year, Lisa Vaas reported for this site that the personal data of 3% of Orange’s customers – a little less than 800,000 people – was “chiseled out of its databases”.

Reuters reports that the hacks are particularly embarrassing for the telecoms company’s CEO Stephane Richard, who has been taking a strong public stand on data security and privacy:

At a company event in November showcasing Orange’s innovations, Richard signed a charter on data protection in which Orange pledged to always keep its customers’ information safe, among other engagements.

To massively misquote Oscar Wilde: “To lose your customers’ data once may be regarded as a misfortune; to lose it twice begins to look like carelessness.”

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Orange hacked again. 1.3 million customers have their personal data stolen”

  1. Joey L

    I think some time needs to be spent on explaining that security enforcement isn't purely the realm of the security team, but that it is everybody's responsibility.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.