Major Cyberattack on Orange Belgium Compromises Data of 850,000 Customers
Brussels, Belgium – Major telecommunications provider Orange Belgium announced on Wednesday that it was the victim of a significant cyberattack, resulting in a data breach affecting approximately 850,000 of its customers. The company, a subsidiary of the French telecom giant Orange Group, confirmed that the incident was detected at the end of July and involved unauthorized access to one of its IT systems.
While the breach is extensive in the number of customers affected, Orange Belgium has emphasized that critical and sensitive data, such as passwords, email addresses, and financial or banking details, were not compromised in the attack.
What Information Was Stolen?
According to a statement released by the company, the hackers gained access to a system containing specific customer information. The compromised data includes customers’ first and last names, telephone numbers, SIM card numbers, PUK codes, and details about their tariff plans.
A PUK (Personal Unblocking Key) code is an eight-digit security feature used to unlock a SIM card if an incorrect PIN has been entered multiple times.The theft of this particular data point has raised concerns among cybersecurity experts about the potential for follow-up attacks.
Youtube
Company’s Response and Security Measures
Orange Belgium stated that its cybersecurity teams took immediate action upon discovering the breach. “As soon as the incident was detected, our teams blocked access to the affected system and tightened our security measures,” the company said.
The operator has also alerted the competent authorities and filed an official complaint with judicial officials. In line with data protection regulations, Orange Belgium has begun the process of notifying all affected customers directly via email and text messages. The company has also set up a dedicated webpage to provide further information and has urged its clients to “remain vigilant for any suspicious communications.”
Potential Risks for Customers
While financial data was not exposed, security analysts and ethical hackers have warned that the stolen information could be exploited for malicious purposes. The primary concern is the increased risk of “SIM swapping.”This form of identity theft involves criminals using the stolen data to deceive the mobile carrier and transfer the victim’s phone number to a SIM card in their possession. Once they control the phone number, they can potentially intercept verification codes sent via SMS, granting them access to social media accounts, emails, and other sensitive online services.
More News
Ethical hacker Inti De Ceukelaire noted that the stolen SIM card numbers and PUK codes could be used to change a user’s PIN, heightening the risk of a successful SIM swap. In response, Orange stated it has implemented “additional security measures at various levels” to mitigate the risk of fraudulent SIM swaps, though specific details were not disclosed.
A Troubling Trend for the Telecom Industry
This incident is the latest in a series of cyberattacks targeting telecom companies worldwide, which are attractive targets for hackers due to the vast amounts of customer data they hold. The breach at Orange Belgium comes less than a month after its parent company, Orange Group, disclosed a separate cyberattack on one of its internal systems on July 25. At the time, the French company reported no evidence of customer data being stolen, and it has not been clarified if the two incidents are connected.
The broader telecom sector has been on high alert. Recent months have seen similar breaches, including an attack on Telefónica in Peru and intelligence reports of state-backed groups targeting major carriers in the United States.
As the investigation into the Orange Belgium breach is ongoing, the company has stated that no further technical details will be disclosed to protect the integrity of the investigation. Meanwhile, the 850,000 affected customers are advised to be cautious of potential phishing attempts and to follow the guidance provided by the company to secure their accounts.
