- Orange informs users of a data violation
- A threat actor stolen names, emails, and more, out of 850,000 people
- An investigation is underway
Orange Belgium has confirmed the suffering of a cyber attack in which the attackers stole sensitive data on hundreds of thousands of users.
In a press release published on the company’s website, Orange Belgium confirmed the violation and declared that it had identified the intrusion at the end of July 2025. After having ousted the attackers, tightening its orders, notifying the police and launched an investigation, Orange determined that the attackers had succeeded in exfiltrating the data on 850,000 of its customers.
Data includes complete names, phone numbers, SIM card numbers, PUK codes and pricing plans. Passwords, email addresses or financial information has not been accessible, it was said. People affected were apparently informed by email or SMS.
No typhoons
Orange did not discuss who were the actors of the threat, or if it was a ransomware attack or a simple Smash-And-Grab of data.
In a statement, the company said that the attack was not linked to the Chinese adversaries of the “typhoon” who have been targeting telecommunications providers for some time.
He also said that he knew who are the attackers, but as the investigation is currently underway, she cannot share it with the public.
A subsidiary of the Global Telecommunications Giant, Orange Belgium is a large telecommunications supplier in the country, serving approximately 3.5 million post-paye mobile subscribers and around a million cable subscribers.
The parent company is also often targeted by different cybercriminals.
At the end of February 2025, a member of the Hellcat Ransomware Organization, alias Rey, had access to a “non -critical application”, belonging to Orange Romania, having obtained access by exploiting references and defects compromised to Jira.
Less than a month later, the same subsidiary underwent a second violation and, in January, Orange Spain underwent a “big breakdown” after a threat player passed through the alias “snow” obtained a “ridiculously low” password for a account that manages the world routing table and controls networks that offer business internet traffic.
Via Bleeping Compompute
