Orange Group, one of France’s leading telecommunications operators and digital service providers, has confirmed a data breach following a hacker’s online leak of company documents.
This raises concerns over the security of confidential business information and potential risks for employees and customers.
The hacker, who uses the alias Rey and is a member of the HellCat ransomware group, has claimed on a hacking forum that the data stolen is mostly from Orange Romania, a company’s regional branch.
Further, Rey claims to have stolen around 6.5GB of data from nearly 12,000 files by compromising Orange’s systems using stolen credentials and vulnerabilities in the company’s Jira software for bug/issue tracking and other internal portals.
The stolen data includes 380,000 unique email addresses, source codes, invoices, contracts, customer and employee information, partial payment card details of Romanian customers, and email addresses and names of Yoxo customers, Orange’s subscription-based service. After attempting to extort Orange Group unsuccessfully, the hacker publicly posted information about the stolen data on a hacker forum.
In a statement to BleepingComputer, the hacker clarified that they had breached Orange independently and that it was not a HellCat ransomware operation. They added that they had access to Orange’s systems for over a month before carrying out the data exfiltration.
On Sunday morning, the hacker spent three hours extracting the company’s data without being detected by Orange’s security systems.
They also claimed to have left a ransom note on the compromised system, but Orange did not respond to negotiations.
Rey shared some samples with BleepingComputer, which included quite old email addresses of former and current Orange Romania employees, partners, and contractors. The data also contained partial payment card details of Romanian customers, but many had already expired. Additionally, the leak included email addresses and names of Yoxo customers.
Orange Group has acknowledged the breach in an official statement and stated that it occurred on a non-critical application. The company added that it has started an investigation to determine the full impact of the incident and that customer operations remain unaffected.
“Orange can confirm that our operations in Romania have been the target of a cyberattack. We took immediate action, and our top priority remains protecting the data and interests of our employees, customers and partners. There has been no impact on customers’ operations, and the breach was found to occur on a non-critical back office application,” Orange Group said in a statement.
The company also added that their “cybersecurity and IT teams are working hard to assess the extent of the breach and minimize the impact of this incident.”
The statement further said, “We are committed to providing regular updates. Additionally, we are committed to complying with all legal obligations associated with such incidents and we are cooperating with the relevant authorities to address this matter.”
While there is no evidence of customer data exposure yet, Orange Group has advised its customers and employees to remain vigilant against potential phishing attempts or fraudulent activities.
