
Orange is one of the world’s leading telecommunications operators with revenues of 40.3 billion euros in 2024 and 127,000 employees worldwide at 31 December 2024, including 71,000 employees in France. The Group has a total customer base of 291 million customers worldwide at 31 December 2024, including 253 million mobile customers and 22 million fixed broadband customers. The Group is present in 26 countries. Orange is also a leading provider of global IT and telecommunication services to multinational companies under the brand Orange Business. In February 2023, the Group presented its strategic plan « Lead the future », built on a new business model and guided by responsibility and efficiency. « Lead the future » capitalizes on network excellence to reinforce Orange's leadership in service quality.

Orange A.I CyberSecurity Scoring

Orange

Company Details

LinkedIn ID: orange
Employees number: 135,828
Number of followers: 1,194,818
NAICS: 517
Industry Type: Telecommunications
Homepage: orange.com
IP Addresses: 889
Company ID: ORA_3376334
Scan Status: Completed

Orange Risk Score (AI oriented): Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score when calculating premiums
Orange Global Score (TPRM): XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Orange Company CyberSecurity News & History

Past Incidents: 13
Attack Types: 3

Orange Belgium
Cyber Attack
Severity: 60
Impact: 2
Seen: 9/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack limited on finance or reputation

Description: Orange Belgium, a major telecom operator, suffered a cyberattack targeting its IT systems, raising concerns over potential theft of customer phone numbers. The attack exposed vulnerabilities where fraudsters could exploit stolen customer data to impersonate legitimate users and hijack phone numbers via SIM-swap fraud. Once in control of a victim’s number, attackers could intercept verification codes (e.g., for password resets, email, social media, or payment systems), enabling broader fraudulent activities like account takeovers or financial theft. The Belgian telecom regulator (IBPT) responded by mandating an additional verification step: sending an SMS alert to customers for any number-transfer requests, allowing them to block unauthorized changes by replying 'STOP'. While no large-scale data breach (e.g., financial or sensitive personal records) was confirmed, the attack disrupted trust in Orange’s security, forced operational changes, and posed reputational and financial risks due to potential downstream fraud. Customers were urged to enable multi-factor authentication and scrutinize suspicious communications, highlighting the attack’s secondary impact on user behavior and operational processes.

Orange Romania, Orange Belgium and Orange: Ransomware hack hit Orange telecom, data published on dark web
Breach
Severity: 60
Impact: 3
Seen: 8/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Orange Hit by Ransomware Attack as Warlock Gang Leaks Stolen Business Data. French telecommunications giant Orange has confirmed a ransomware attack by the cybercriminal group Warlock, which resulted in the theft and publication of business customer data. The breach, disclosed to national authorities in late July, saw approximately four gigabytes of data posted to the dark web in mid-August. According to sources familiar with the incident, the attack targeted Orange’s internal systems using ransomware leased by Warlock, a group known for providing its malware to other hackers in exchange for a cut of ransom payments. While Orange acknowledged the data leak, a spokesperson stated that the compromised information was "outdated or low-sensitivity" and that affected businesses were notified prior to the public release. The company is collaborating with authorities and impacted clients to mitigate the fallout. This incident marks the third major breach for Orange in 2024. In July, attackers accessed customer data from its Belgian division, while a separate attack exposed employee records from its Romanian operations on the dark web. Telecom providers remain prime targets for cybercriminals due to the vast amounts of financial, government, and corporate data they handle. The repeated attacks on Orange underscore the growing threat to critical infrastructure in the sector.

Orange SA: Ransomware Hack Hit Orange Telecom, Data Published on Dark Web
Ransomware
Severity: 100
Impact: 4
Seen: 8/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Orange Telecom Hit by Warlock Ransomware Attack, Customer Data Leaked on Dark Web. In late July 2025, French telecommunications giant Orange SA disclosed a ransomware attack on its internal systems to national authorities. The breach, attributed to the cybercriminal group Warlock, resulted in the theft of business customer data, approximately 4GB of which was published on the dark web in mid-August. The attack targeted Orange’s infrastructure, though specific details about the compromised systems remain undisclosed. The incident highlights the ongoing threat posed by ransomware gangs to critical infrastructure providers. Orange, headquartered in Paris, has not publicly commented on the ransom demands or the full extent of the data exposed. The breach underscores the persistent risks faced by major corporations, particularly in sectors handling sensitive customer information. Authorities are likely investigating the incident as part of broader efforts to combat cybercrime.

Orange Cyberdefense: Orange hit by recent cyberattack
Cyber Attack
Severity: 60
Impact: 2
Seen: 8/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack limited on finance or reputation

Description: The telecoms giant warned that customers were going to be affected by its response to the attack, however, it did not disclose the incident itself. In a statement, the company said: “At this stage of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard.” The attack took place on Friday 25 July, with the group detecting a cyberattack on its information systems, with Orange Cyberdefense teams mobilising and isolating the potential attack to mitigate the impact. “However, these isolation operations have resulted in the disruption of certain services and management platforms for some of our corporate customers and some consumer services, primarily in France. Our dedicated teams are fully mobilised to inform and support affected customers,” Orange stated. “Our teams have identified and are implementing solutions that will allow, under heightened vigilance, the gradual reopening of the main impacted services by Wednesday morning [30 July].” It added that a complaint has been filed and the relevant authorities have been alerted. “At this stage of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard,” it added. The attack follows Orange confirming earlier this year that it experienced a separate cyber attack in March. At the time, a member of the HellCat ransomware group, known as Rey, gained access to a “non-c

Orange: Telecom sector sees steady rise in ransomware attacks
Ransomware
Severity: 100
Impact: 5
Seen: 7/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack threatening the organization's existence

Description: Telecom Sector Faces Surge in Ransomware Attacks, Data Theft in 2025. The telecom industry has become a prime target for cybercriminals, with ransomware attacks quadrupling from 24 incidents in 2022 to 90 in 2025, according to a recent threat intelligence report by Cyble. The sector’s critical role in national infrastructure and its vast stores of subscriber data make it a lucrative target for hackers, who exploit vulnerabilities in internet-facing systems and third-party dependencies. In late 2025, cybercriminals advertised stolen administrator credentials for a major U.S. telecom firm on the dark web for $4,000. The DragonForce ransomware gang also claimed to have exfiltrated over five terabytes of data from another U.S. telecom provider, though no evidence was provided. Cyble identified 444 data theft incidents in the sector, including 133 listings of stolen databases containing sensitive customer and operational information. The majority of attacks in 2025 were attributed to a handful of ransomware groups, with Qilin leading, followed by Akira and Play. High-profile victims included British telecom giant Orange. Roughly 70% of attacks targeted companies in the Americas, with Europe, Asia-Pacific, and the Middle East and Africa also affected. Cyble’s report highlighted that many attacks were enabled by the rapid exploitation of zero-day vulnerabilities in network equipment. Nation-state hackers and hacktivist groups further compounded the threat, using DDoS attacks and website defacements to disrupt operations. The telecom sector’s security posture remains a concern for businesses across industries, given its role in enabling secure communications.

Orange
Ransomware
Severity: 100
Impact: 4
Seen: 3/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.

Orange Belgium
Breach
Severity: 85
Impact: 4
Seen: 7/2024
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Orange Belgium disclosed a cyberattack discovered in late July 2024, compromising data from 850,000 customer accounts. The breach exposed non-critical but sensitive personal information, including names, first names, telephone numbers, SIM card numbers, and PUK (Personal Unblocking Key) codes, the 8-digit security codes used to unblock SIM cards. The company confirmed that no passwords, email addresses, banking, or financial details were accessed. Upon detection, Orange Belgium blocked access to the affected system, reinforced security measures, and notified relevant authorities, filing an official complaint. Customers were alerted via email and SMS, with warnings to stay vigilant against potential phishing attempts via a dedicated webpage. The attack’s connection to a prior incident at parent company Orange Group (detected on July 25, with no confirmed customer data extraction) remains unconfirmed. The nature of the attack (e.g., method, perpetrator) was not disclosed.

French telecom operators: Data protection: key compliance updates (12 – 16 Jan)
Breach
Severity: 50
Impact: 2
Seen: 6/2024
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack limited on finance or reputation

Description: French Telecom Operators Fined for Data Breaches as Global Privacy Regulations Tighten. French telecom operators have been hit with fines for data breaches, underscoring heightened enforcement of data protection laws in Europe. The penalties, issued by France’s National Commission on Information and Liberties (CNIL), reflect stricter scrutiny under the GDPR, which mandates robust security measures and timely breach notifications. Meanwhile, Taiwan’s AI Basic Act officially took effect, establishing a legal framework for artificial intelligence that balances innovation with privacy protections. The law introduces guidelines for AI development, including transparency and accountability requirements for organizations handling personal data. In China, the Cyberspace Administration has launched a public consultation on proposed rules for personal information collection, signaling further regulatory evolution in data governance. The draft aims to refine existing privacy laws, potentially imposing new compliance obligations on businesses operating in the region. These developments coincide with broader global shifts in data protection:
  • Kentucky’s Consumer Data Protection Act (2024) has come into force in the U.S., expanding state-level privacy rights for residents.
  • The UK’s Information Commissioner’s Office (ICO) and California’s Privacy Protection Agency continue to enforce stringent breach response protocols, with updated guidance for organizations.
  • The Taiwan Financial Supervisory Commission and U.S. Federal Trade Commission (FTC) are also ramping up oversight, reflecting a trend toward cross-border regulatory alignment.
The fines in France and the rollout of Taiwan’s AI Act highlight the growing intersection of cybersecurity, privacy, and emerging technologies, with regulators prioritizing both enforcement and proactive compliance. Organizations face increasing pressure to adapt to evolving legal landscapes or risk significant penalties.

Orange
Cyber Attack
Severity: 60
Impact: 2
Seen: 01/2024
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack limited on finance or reputation

Description: An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.

Orange Cyberdefense
Breach
Severity: 100
Impact: 5
Seen: 09/2022
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack threatening the organization's existence

Description: Orange Cyberdefense apparently suffered a data breach incident after a popular forum offered data allegedly from their firm. Data in the sample included Contact Name, Email, Phone Number, Company Name, and Solution Name. The listing also offered to sell access to Orange Cyberdefense’s servers.

Orange
Cyber Attack
Severity: 100
Impact: 6
Seen: 03/2022
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack threatening the economy of a geographical region

Description: The cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France. The cyberattack affected thousands of internet users across Europe amid the Ukraine-Russia war. Nearly 9,000 subscribers were affected by this internet outage.

Orange Business Services U.S., Inc.
Breach
Severity: 85
Impact: 4
Seen: 1/2022
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: On March 17, 2022, Orange Business Services U.S., Inc. (OBS) discovered a data breach involving unauthorized access to servers belonging to its subsidiary, Orange Silicon Valley, LLC (OSV), which had occurred on January 4, 2022. The incident compromised sensitive personal information of 6,567 individuals, including 9 Maine residents, with exposed data including Social Security numbers (SSNs), a high-value target for identity theft and financial fraud. The breach highlights a significant security lapse, as SSNs are critical identifiers that can enable long-term fraud, financial exploitation, and reputational damage for affected individuals. While the exact method of unauthorized access was not detailed, the exposure of such sensitive data suggests a failure in access controls, monitoring, or incident response protocols. The delay between the breach (January 4) and its discovery (March 17), over two months, further exacerbates the risk, as threat actors could have exploited the stolen data during this period. The incident underscores the broader implications for Orange Business Services, including potential legal liabilities under data protection laws (e.g., GDPR, state-level breach notification statutes), regulatory scrutiny, and loss of customer trust. Given the nature of the exposed data, affected individuals face heightened risks of identity theft, phishing attacks, and financial fraud, necessitating credit monitoring and remediation efforts.

Orange
Ransomware
Severity: 80
Impact: 4
Seen: 07/2020
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: French telecommunications company Orange S.A. was targeted by a Nefilim ransomware group which resulted in data loss. The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems. The data from about 20 customers on its virtual hosting service was accessed by those behind the ransomware attack.


Underwriter Stats for Orange

Incidents vs Telecommunications Industry Average (This Year)

No incidents recorded for Orange in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Orange in 2026.

Incident Types Orange vs Telecommunications Industry Avg (This Year)

No incidents recorded for Orange in 2026.

Incident History — Orange (X = Date, Y = Severity)

Orange cyber incidents detection timeline including parent company and subsidiaries



Orange CyberSecurity News

March 17, 2026 07:00 AM
Goodwin Launches Orange County Office, Welcomes Trio of Renowned Cybersecurity, Privacy, & Technology Litigators

Goodwin expands its cybersecurity, privacy, and technology litigation practice with the addition of partners Richard Grabowski, John Vogt,...

February 10, 2026 08:00 AM
Orange Business, Cisco unveil new quantum security services

Orange Business has commercially launched global post-quantum cryptography (PQC) services that run on Cisco's routing tech.

December 16, 2025 08:00 AM
OC Cyber Innovation Clinic Leads Cybersecurity Workshop for Local Nonprofit Organizations

On Dec. 5, students from the OC Cyber Innovation Clinic, based at Cal State Fullerton, led a Crash Course in Business Cybersecurity session...

December 15, 2025 08:00 AM
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis

No more orange juice? Why one ship reveals America's maritime cybersecurity crisis · If one hacked port can threaten America's orange juice...

December 12, 2025 08:00 AM
Orange appoints sovereignty chief

Orange is at the forefront of digital sovereignty efforts in Europe. The telco is keen to encourage all manner of national and regional...

December 12, 2025 08:00 AM
Firewalla Orange brings zero trust anywhere

Firewalla announced Firewalla Orange, a portable multi-gigabit cybersecurity firewall and Wi-Fi 7 router designed to reset expectations for...

December 12, 2025 08:00 AM
Orange appoints Guillaume Poupard Chief Trust Officer to accelerate its sovereignty and trust strategy

Orange announces the appointment of Guillaume Poupard as the Group's Chief Trust Officer, effective from 1 February 2026.

December 11, 2025 08:00 AM
Orange enlists former cybersecurity agency head as Chief Trust Officer

Orange enlists former cybersecurity agency head as Chief Trust Officer · Guillaume Poupard previously served as Director General of ANSSI for...

December 11, 2025 08:00 AM
Orange hires chief trust officer in sovereignty drive

Orange named Guillaume Poupard as its chief trust officer, reflecting the operator's ambition to strengthen digital sovereignty.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Orange CyberSecurity History Information

Official Website of Orange

The official website of Orange is https://www.orange.com.

Orange’s AI-Generated Cybersecurity Score

According to Rankiteo, Orange’s AI-generated cybersecurity score is 383, reflecting their Critical security posture.

How many security badges does Orange have ?

According to Rankiteo, Orange currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Orange been affected by any supply chain cyber incidents ?

According to Rankiteo, Orange has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Orange have SOC 2 Type 1 certification ?

According to Rankiteo, Orange is not certified under SOC 2 Type 1.

Does Orange have SOC 2 Type 2 certification ?

According to Rankiteo, Orange does not hold a SOC 2 Type 2 certification.

Does Orange comply with GDPR ?

According to Rankiteo, Orange is not listed as GDPR compliant.

Does Orange have PCI DSS certification ?

According to Rankiteo, Orange does not currently maintain PCI DSS compliance.

Does Orange comply with HIPAA ?

According to Rankiteo, Orange is not compliant with HIPAA regulations.

Does Orange have ISO 27001 certification ?

According to Rankiteo, Orange is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Orange

Orange operates primarily in the Telecommunications industry.

Number of Employees at Orange

Orange employs approximately 135,828 people worldwide.

Subsidiaries Owned by Orange

Orange presently has no subsidiaries across any sectors.

Orange’s LinkedIn Followers

Orange’s official LinkedIn profile has approximately 1,194,818 followers.

NAICS Classification of Orange

Orange is classified under the NAICS code 517, which corresponds to Telecommunications.

Orange’s Presence on Crunchbase

No, Orange does not have a profile on Crunchbase.

Orange’s Presence on LinkedIn

Yes, Orange maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/orange.

Cybersecurity Incidents Involving Orange

As of April 02, 2026, Rankiteo reports that Orange has experienced 13 cybersecurity incidents.

Number of Peer and Competitor Companies

Orange has an estimated 10,042 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Orange ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Breach and Cyber Attack.

What was the total financial impact of these incidents on Orange ?

Total Financial Loss: The total financial loss from these incidents is estimated to be $0.

How does Orange detect and respond to cybersecurity incidents ?

Detection and Response: Across the recorded incidents, the company's detection and response measures are listed as follows.

Containment measures: the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems; identified and neutralised the majority of the unauthorised access; blocked access to the affected system; additional check via verification SMS for number transfers; option for the customer to cancel by replying 'STOP'; isolation of potential attack, disruption of services.

Remediation measures: strengthened security measures; periodic evaluation of the measure by the IBPT; adjustment if necessary; gradual reopening of impacted services under heightened vigilance.

Recovery measures: solutions implemented for service restoration by 2024-07-30.

Communication strategy: posted a message on the social networking platform X; public statement; customer notifications via email and text message; dedicated web page for phishing awareness; public notices via the IBPT; SMS messages to affected customers; general security recommendations (two-factor authentication, vigilance toward suspicious messages); public statement, customer advisories; affected businesses notified prior to public release.

Incident response plan activated: yes (measures approved by the IBPT); yes.

Third party assistance: IBPT (Institut Belge des services Postaux et Télécommunications).

Law enforcement notified: yes; national authorities; yes.

Incident Details

Can you provide details on each incident ?

Incident : Cyber Attack

Title: Cyber Attack on Orange and Nordnet

Description: Cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France, affecting thousands of internet users across Europe amid the Ukraine-Russia war.

Type: Cyber Attack

Incident : Ransomware

Title: Orange S.A. Nefilim Ransomware Attack

Description: French telecommunications company Orange S.A. was targeted by a Nefilim ransomware group which resulted in data loss.

Type: Ransomware

Threat Actor: Nefilim ransomware group

Incident : Data Breach

Title: Data Breach at Orange Cyberdefense

Description: Orange Cyberdefense suffered a data breach incident after a popular forum offered data allegedly from their firm. The data in the sample included Contact Name, Email, Phone Number, Company Name, and Solution Name. The listing also offered to sell access to Orange Cyberdefense’s servers.

Type: Data Breach

Motivation: Data Theft, Financial Gain

Incident : Hack

Title: Hack Targeting Orange's Spanish Business

Description: An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.

Type: Hack

Incident : Data Breach, Ransomware

Title: Orange Telecommunications Breach by Babuk Ransomware

Description: Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.

Type: Data Breach, Ransomware

Threat Actor: Babuk ransomware gang

Incident : Data Breach

Title: Orange Belgium Cyberattack Compromising Customer Data

Description: Orange Belgium announced a cyberattack discovered at the end of July 2023 that compromised data from 850,000 customer accounts. The hacker accessed an IT system containing non-critical customer data, including names, telephone numbers, SIM card numbers, PUK codes, and tariff plans. The company blocked access to the affected system, strengthened security measures, and alerted authorities. Customers were notified via email and text message and advised to watch for phishing attempts.

Date Detected: Late July 2023 (exact date unspecified)

Date Publicly Disclosed: Wednesday, August 2, 2023 (approximate, based on announcement timing)

Type: Data Breach

Incident : Data Breach

Title: Orange Business Services U.S., Inc. Data Breach (2022)

Description: The Maine Office of the Attorney General reported that on March 17, 2022, Orange Business Services U.S., Inc. (OBS) learned of a data breach involving unauthorized access to several Orange Silicon Valley, LLC (OSV) servers, which occurred on January 4, 2022. The breach affected 6,567 individuals, including 9 residents of Maine, whose information included Social Security numbers.

Date Detected: 2022-03-17

Type: Data Breach

Incident : Cyberattack

Title: Cyberattack targeting Orange Belgium with risk of telephone number theft

Description: A cyberattack targeted the IT systems of Orange Belgium, creating a risk of telephone number theft by scammers using customers' personal data to impersonate them. The IBPT (Institut Belge des services Postaux et Télécommunications) approved an additional control measure: a verification SMS sent to customers when a number transfer is requested, allowing them to cancel the request by replying 'STOP' if it is fraudulent. The message is sent from the number 5000 (consumers) or 5995 (business customers).

Type: Cyberattack

Attack Vector: Exploitation of stolen personal data, Social engineering, SIM swapping

Vulnerability Exploited: Weakness in identity verification procedures, Unauthorized access to customer data

Threat Actor: Scammers / Cybercriminals (unidentified)

Motivation: Financial fraud, Identity theft, Unauthorized access to online accounts

Incident : Cyberattack

Title: Cyberattack on Orange Information Systems

Description: Orange detected a cyberattack on its information systems, leading to the isolation of potential threats and disruption of certain services for corporate and consumer customers, primarily in France. No evidence of data extraction was found at the time of the investigation.

Date Detected: 2024-07-25

Date Resolved: 2024-07-30

Type: Cyberattack

Incident : ransomware

Title: Telecom Sector Cyber Incidents and Ransomware Surge (2022-2025)

Description: The telecom sector experienced a nearly fourfold spike in ransomware attacks from 2022 to 2025, with 90 attacks in 2025 compared to 24 in 2022. Cybercriminals targeted telecom firms for reselling customer data, gaining strategic advantages, and exploiting internet-facing infrastructure and third-party dependencies. Major ransomware gangs like Qilin, Akira, and Play led the attacks, with victims including Orange. Additionally, 444 incidents of data theft were identified, including 133 listings of stolen databases containing sensitive customer or operational data.

Date Publicly Disclosed: 2025-07

Type: ransomware

Attack Vector: unpatched vulnerabilities, zero-day exploits, internet-facing network equipment, third-party service dependencies

Vulnerability Exploited: critical and zero-day vulnerabilities in internet-facing network equipment

Threat Actor: Qilin, Akira, Play, DragonForce, nation-state hackers, hacktivists

Motivation: financial gain, strategic advantage over adversary nations, geopolitical disruption, resale of customer data

Incident : Data Breach

Title: French Telecom Operators Fined for Data Breaches

Description: French telecom operators have been hit with fines for data breaches, underscoring heightened enforcement of data protection laws in Europe. The penalties, issued by France’s National Commission on Information and Liberties (CNIL), reflect stricter scrutiny under the GDPR, which mandates robust security measures and timely breach notifications.

Type: Data Breach

Incident : Ransomware

Title: Orange Telecom Hit by Warlock Ransomware Attack, Customer Data Leaked on Dark Web

Description: In late July 2025, French telecommunications giant Orange SA disclosed a ransomware attack on its internal systems to national authorities. The breach, attributed to the cybercriminal group Warlock, resulted in the theft of business customer data, approximately 4GB of which was published on the dark web in mid-August. The attack targeted Orange’s infrastructure, though specific details about the compromised systems remain undisclosed. The incident highlights the ongoing threat posed by ransomware gangs to critical infrastructure providers.

Date Detected: 2025-07

Date Publicly Disclosed: 2025-07

Type: Ransomware

Threat Actor: Warlock

Incident : Ransomware

Title: Orange Hit by Ransomware Attack as Warlock Gang Leaks Stolen Business Data

Description: French telecommunications giant Orange has confirmed a ransomware attack by the cybercriminal group Warlock, which resulted in the theft and publication of business customer data. The breach, disclosed to national authorities in late July, saw approximately four gigabytes of data posted to the dark web in mid-August.

Date Publicly Disclosed: 2024-07

Type: Ransomware

Threat Actor: Warlock

Motivation: Financial gain

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through administrator credentials sold on dark web ($4,000).

Impact of the Incidents

What was the impact of each incident ?

Incident : Cyber Attack ORA2548322

Systems Affected: Internet Services

Incident : Ransomware ORA2911822

Data Compromised: Data from about 20 customers on its virtual hosting service was accessed.

Incident : Data Breach ORA2131141122

Data Compromised: Contact name, Email, Phone number, Company name, Solution name

Incident : Hack ORA214221124

Systems Affected: IP network coordination centre

Operational Impact: Consumers unable to access specific websites

Incident : Data Breach, Ransomware ORA625031825

Data Compromised: Customer records, Email addresses, User data, Source code, Invoices, Internal documents, Contracts, Employee details, Credit cards, Messages, Call logs, Other personal information

Incident : Data Breach ORA529082025

Data Compromised: Customer names (first and last), Telephone numbers, SIM card numbers, PUK (personal unblocking key) codes, Tariff plans

Systems Affected: An IT system containing customer data

Brand Reputation Impact: Potential risk due to exposure of customer data and phishing warnings

Identity Theft Risk: Low (no critical data like passwords, emails, or financial details compromised, but PUK codes could enable SIM swapping)

Payment Information Risk: None (no banking or financial details exposed)

Incident : Data Breach ORA957082125

Data Compromised: Social security numbers

Systems Affected: Orange Silicon Valley, LLC (OSV) servers

Identity Theft Risk: High (Social Security numbers exposed)

Incident : Cyberattack ORA814090225

Data Compromised: Customer personal data (unspecified), Telephone numbers

Systems Affected: Orange Belgium IT systems (partially), Number transfer procedures

Operational Impact: Strengthened security controls for number transfers, Increased communication with customers

Brand Reputation Impact: Risk of loss of customer trust, Need for public corrective measures

Identity Theft Risk: High (theft of telephone numbers for identity impersonation)

Payment Information Risk: Increased risk via access to verification codes sent by SMS

Incident : Cyberattack ORA1764727825

Data Compromised: No evidence of data extraction

Systems Affected: Information systems, management platforms

Downtime: Disruption of services until 2024-07-30

Operational Impact: Disruption of corporate and consumer services, primarily in France

Incident : ransomware ORA1767980221

Data Compromised: over five terabytes (claimed by DragonForce), sensitive customer data, operational information, subscriber data, U.S. wiretap targets information

Systems Affected: telecom infrastructure, customer databases, network equipment

Operational Impact: network disruptions, enterprise business operations disrupted for up to two weeks

Brand Reputation Impact: high

Identity Theft Risk: high

Incident : Data Breach ORA1768849235

Financial Loss: Fines imposed

Incident : Ransomware ORA1770316673

Data Compromised: Business customer data

Brand Reputation Impact: Likely impacted

Incident : Ransomware ORA1770804300

Data Compromised: 4 GB

Systems Affected: Internal systems

Brand Reputation Impact: High

What is the average financial loss per incident ?

Average Financial Loss: The average financial loss per incident is $0.00.

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Contact Name, Email, Phone Number, Company Name, Solution Name, Customer Records, Email Addresses, User Data, Source Code, Invoices, Internal Documents, Contracts, Employee Details, Credit Cards, Messages, Call Logs, Other Personal Information, Personal Data (Names, Telephone Numbers), SIM-Related Data (SIM Card Numbers, PUK Codes), Service Data (Tariff Plans), Personally Identifiable Information (PII), Personal Data (Not Detailed), Telephone Numbers, Customer Data, Subscriber Data, Operational Information, U.S. Wiretap Targets Information and Business Customer Data.

Which entities were affected by each incident ?

Incident : Cyber Attack ORA2548322

Entity Name: Orange

Entity Type: Company

Industry: Telecommunications

Location: France

Customers Affected: 9000

Incident : Cyber Attack ORA2548322

Entity Name: Nordnet

Entity Type: Company

Industry: Internet Service Provider

Location: France

Customers Affected: 9000

Incident : Ransomware ORA2911822

Entity Name: Orange S.A.

Entity Type: Telecommunications Company

Industry: Telecommunications

Location: France

Customers Affected: 20

Incident : Data Breach ORA2131141122

Entity Name: Orange Cyberdefense

Entity Type: Company

Industry: Cybersecurity

Incident : Hack ORA214221124

Entity Name: Orange

Entity Type: Telecom Operator

Industry: Telecommunications

Location: Spain

Customers Affected: Unknown number

Incident : Data Breach, Ransomware ORA625031825

Entity Name: Orange

Entity Type: Telecommunications provider

Industry: Telecommunications

Incident : Data Breach ORA529082025

Entity Name: Orange Belgium

Entity Type: Telecommunications Provider

Industry: Telecommunications

Location: Belgium

Customers Affected: 850,000

Incident : Data Breach ORA957082125

Entity Name: Orange Business Services U.S., Inc. (OBS)

Entity Type: Corporation

Industry: Telecommunications / IT Services

Location: United States

Customers Affected: 6,567 individuals (including 9 Maine residents)

Incident : Data Breach ORA957082125

Entity Name: Orange Silicon Valley, LLC (OSV)

Entity Type: Subsidiary

Industry: Telecommunications / IT Services

Location: Silicon Valley, California, USA

Incident : Cyberattack ORA814090225

Entity Name: Orange Belgium

Entity Type: Telecom operator

Industry: Telecommunications

Location: Belgium

Customers Affected: Consumer and business customers (number unspecified)

Incident : Cyberattack ORA1764727825

Entity Name: Orange

Entity Type: Telecoms

Industry: Telecommunications

Location: France

Customers Affected: Corporate customers and some consumer services

Incident : ransomware ORA1767980221

Entity Name: Orange

Entity Type: telecom

Industry: telecommunications

Location: United Kingdom

Size: large

Incident : ransomware ORA1767980221

Entity Name: Major U.S. telecom firm (unnamed)

Entity Type: telecom

Industry: telecommunications

Location: United States

Size: large

Incident : Data Breach ORA1768849235

Entity Type: Telecom Operator

Industry: Telecommunications

Location: France

Incident : Ransomware ORA1770316673

Entity Name: Orange SA

Entity Type: Telecommunications

Industry: Telecommunications

Location: Paris, France

Size: Large

Customers Affected: Business customers

Incident : Ransomware ORA1770804300

Entity Name: Orange

Entity Type: Telecommunications

Industry: Telecommunications

Location: France

Size: Large

Customers Affected: Business customers

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Ransomware ORA2911822

Containment Measures: The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems.

Incident : Hack ORA214221124

Containment Measures: Identified and neutralised the majority of the unauthorised access

Communication Strategy: Posted a message on the social networking platform X

Incident : Data Breach ORA529082025

Incident Response Plan Activated: True

Containment Measures: Blocked access to the affected system

Remediation Measures: Strengthened security measures

Communication Strategy: Public statement, Customer notifications via email and text message, Dedicated web page for phishing awareness

Incident : Cyberattack ORA814090225

Incident Response Plan Activated: Yes (measures approved by the IBPT)

Third Party Assistance: IBPT (Institut Belge des services Postaux et Télécommunications)

Containment Measures: Additional check via verification SMS for number transfers, Option for the customer to cancel by replying 'STOP'

Remediation Measures: Periodic evaluation of the measure by the IBPT, Adjustment if necessary

Communication Strategy: Public notices via the IBPT, SMS messages to affected customers, General security recommendations (two-factor authentication, vigilance toward suspicious messages)

Incident : Cyberattack ORA1764727825

Incident Response Plan Activated: Yes

Law Enforcement Notified: Yes

Containment Measures: Isolation of potential attack, disruption of services

Remediation Measures: Gradual reopening of impacted services under heightened vigilance

Recovery Measures: Solutions implemented for service restoration by 2024-07-30

Communication Strategy: Public statement, customer advisories

Incident : Ransomware ORA1770316673

Law Enforcement Notified: National authorities

Incident : Ransomware ORA1770804300

Law Enforcement Notified: Yes

Communication Strategy: Affected businesses notified prior to public release

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes (measures approved by the IBPT), Yes.

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through IBPT (Institut Belge des services Postaux et Télécommunications).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach ORA2131141122

Type of Data Compromised: Contact name, Email, Phone number, Company name, Solution name

Personally Identifiable Information: Contact Name, Email, Phone Number

Incident : Data Breach, Ransomware ORA625031825

Type of Data Compromised: Customer records, Email addresses, User data, Source code, Invoices, Internal documents, Contracts, Employee details, Credit cards, Messages, Call logs, Other personal information

Sensitivity of Data: High

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Incident : Data Breach ORA529082025

Type of Data Compromised: Personal data (names, telephone numbers), SIM-related data (SIM card numbers, PUK codes), Service data (tariff plans)

Number of Records Exposed: 850,000

Sensitivity of Data: Moderate (no critical data like passwords or financial details, but PUK codes are sensitive)

Personally Identifiable Information: Names, Telephone numbers

Incident : Data Breach ORA957082125

Type of Data Compromised: Personally identifiable information (PII)

Number of Records Exposed: 6,567

Sensitivity of Data: High

Data Exfiltration: Yes (unauthorized access)

Personally Identifiable Information: Social Security numbers

Incident : Cyberattack ORA814090225

Type of Data Compromised: Personal data (not detailed), Telephone numbers

Sensitivity of Data: High (risk of identity theft and fraud)

Data Exfiltration: Probable (use of the data by scammers)

Personally Identifiable Information: Telephone numbers, Other personal data (unspecified)

Incident : Cyberattack ORA1764727825

Data Exfiltration: No evidence of data extraction

Incident : ransomware ORA1767980221

Type of Data Compromised: Customer data, Subscriber data, Operational information, U.S. wiretap targets information

Sensitivity of Data: high

Data Exfiltration: yes (claimed by DragonForce)

Personally Identifiable Information: yes

Incident : Ransomware ORA1770316673

Type of Data Compromised: Business customer data

Data Exfiltration: 4GB of data published on the dark web

Incident : Ransomware ORA1770804300

Type of Data Compromised: Business customer data

Sensitivity of Data: Outdated or low-sensitivity

Data Exfiltration: Yes

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: strengthened security measures; periodic evaluation of the measure by the IBPT; adaptation if necessary; gradual reopening of impacted services under heightened vigilance.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through the following measures: the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems; identified and neutralised the majority of the unauthorised access; blocked access to the affected system; additional check via verification SMS for number transfers; option for the customer to cancel by replying 'STOP'; isolation of potential attack and disruption of services.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Ransomware ORA2911822

Ransomware Strain: Nefilim

Incident : Data Breach, Ransomware ORA625031825

Ransomware Strain: Babuk

Data Exfiltration: Yes

Incident : ransomware ORA1767980221

Ransomware Strain: Qilin, Akira, Play

Data Encryption: yes

Data Exfiltration: yes

Incident : Ransomware ORA1770316673

Ransomware Strain: Warlock

Data Exfiltration: Yes

Incident : Ransomware ORA1770804300

Ransomware Strain: Leased ransomware

Data Exfiltration: Yes

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Solutions implemented for service restoration by 2024-07-30.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach ORA529082025

Legal Actions: Official complaint filed with judicial authorities

Regulatory Notifications: Relevant authorities alerted

Incident : Data Breach ORA957082125

Regulatory Notifications: Maine Office of the Attorney General

Incident : Cyberattack ORA814090225

Regulatory Notifications: Notification of and collaboration with the IBPT on corrective measures

Incident : Cyberattack ORA1764727825

Legal Actions: Complaint filed

Regulatory Notifications: Relevant authorities alerted

Incident : Data Breach ORA1768849235

Regulations Violated: GDPR

Fines Imposed: Yes

Regulatory Notifications: Yes

Incident : Ransomware ORA1770316673

Regulatory Notifications: Disclosed to national authorities

Incident : Ransomware ORA1770804300

Regulatory Notifications: Disclosed to national authorities

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through: official complaint filed with judicial authorities; complaint filed.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Cyberattack ORA814090225

Lessons Learned: Need to strengthen identity verification procedures for number transfers, Importance of proactive communication with customers when there is a risk of fraud, Increased user awareness of the risks of SIM swapping and identity theft

Incident : ransomware ORA1767980221

Lessons Learned: The telecom sector's critical role as national infrastructure and its access to high-volume subscriber data make it a prime target. Frequent exposure through internet-facing infrastructure and third-party dependencies, along with rapid weaponization of vulnerabilities, enables attacks. Bipartisan cooperation is needed for cyber resilience.

What recommendations were made to prevent future incidents ?

Incident : Data Breach ORA529082025

Recommendations: Customers advised to monitor for phishing attempts, Company likely reviewing access controls and system segmentation

Incident : Cyberattack ORA814090225

Recommendations: Enable two-factor authentication for online services, Limit the publication of personal information on social networks, Be vigilant about suspicious calls or messages, Reply 'STOP' to unsolicited verification SMS messages for number transfers, Monitor for suspicious activity on accounts linked to the telephone number

Incident : ransomware ORA1767980221

Recommendations: Patch critical and zero-day vulnerabilities promptly, Enhance perimeter controls and network segmentation, Improve third-party risk management, Strengthen incident response plans, Increase monitoring and adaptive security measures, Foster bipartisan cooperation for cyber resilience

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Need to strengthen identity verification procedures for number transfers; Importance of proactive communication with customers when there is a risk of fraud; Increased user awareness of the risks of SIM swapping and identity theft; The telecom sector's critical role as national infrastructure and its access to high-volume subscriber data make it a prime target. Frequent exposure through internet-facing infrastructure and third-party dependencies, along with rapid weaponization of vulnerabilities, enables attacks. Bipartisan cooperation is needed for cyber resilience.

References

Where can I find more information about each incident ?

Incident : Hack ORA214221124

Source: Social networking platform X

Incident : Data Breach ORA529082025

Source: Orange Belgium Public Statement

Date Accessed: August 2023

Incident : Data Breach ORA957082125

Source: Maine Office of the Attorney General

Incident : Cyberattack ORA814090225

Source: IBPT (Institut Belge des services Postaux et Télécommunications)

Incident : Cyberattack ORA1764727825

Source: Orange Statement

Incident : ransomware ORA1767980221

Source: Cyble Threat Intelligence Report

Date Accessed: 2025-07

Incident : ransomware ORA1767980221

Source: TechTarget/Informa

Incident : Data Breach ORA1768849235

Source: National Commission on Information and Liberties (CNIL)

Incident : Ransomware ORA1770316673

Source: Incident disclosure

Incident : Ransomware ORA1770804300

Source: News article

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Social networking platform X; Orange Belgium Public Statement (date accessed: August 2023); Maine Office of the Attorney General; IBPT (Institut Belge des services Postaux et Télécommunications); Orange Statement; Cyble Threat Intelligence Report (date accessed: 2025-07); TechTarget/Informa; National Commission on Information and Liberties (CNIL); Incident disclosure; News article.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach ORA529082025

Investigation Status: Ongoing (no updates on root cause or relation to Orange Group incident)

Incident : Cyberattack ORA814090225

Investigation Status: Corrective measures in progress (periodic evaluation by the IBPT)

Incident : Cyberattack ORA1764727825

Investigation Status: Ongoing

Incident : ransomware ORA1767980221

Investigation Status: ongoing

Incident : Ransomware ORA1770316673

Investigation Status: Ongoing

Incident : Ransomware ORA1770804300

Investigation Status: Ongoing

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through: a message posted on the social networking platform X; public statement; customer notifications via email and text message; dedicated web page for phishing awareness; public notices via the IBPT; SMS messages to affected customers; general security recommendations (two-factor authentication, vigilance toward suspicious messages); public statement, customer advisories; affected businesses notified prior to public release.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach ORA529082025

Stakeholder Advisories: Customers Notified Via Email And Text Message.

Customer Advisories: Warning about potential phishing attempts, Dedicated web page for guidance

Incident : Cyberattack ORA814090225

Stakeholder Advisories: IBPT public notice on fraud risks, Security recommendations for all users of telecom services.

Customer Advisories: Verification SMS sent from 5000 (individuals) or 5995 (business customers) when a number transfer is requested, Instructions for cancelling a fraudulent request by replying 'STOP', General security advice (two-factor authentication, vigilance)

Incident : Cyberattack ORA1764727825

Customer Advisories: Affected customers informed and supported

Incident : Ransomware ORA1770804300

Customer Advisories: Affected businesses notified

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: customers notified via email and text message; warning about potential phishing attempts; dedicated web page for guidance; IBPT public notice on fraud risks; security recommendations for all users of telecom services; verification SMS sent from 5000 (individuals) or 5995 (business customers) when a number transfer is requested; instructions for cancelling a fraudulent request by replying 'STOP'; general security advice (two-factor authentication, vigilance); affected customers informed and supported; affected businesses notified.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Cyberattack ORA814090225

High Value Targets: Customer data (telephone numbers and personal information)

Data Sold on Dark Web: Customer data (telephone numbers and personal information)

Incident : ransomware ORA1767980221

Entry Point: administrator credentials sold on dark web ($4,000)

High Value Targets: telecom infrastructure

Data Sold on Dark Web: telecom infrastructure

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach ORA529082025

Corrective Actions: Strengthened security measures (unspecified)

Incident : Cyberattack ORA814090225

Root Causes: Flaws in the protection of customer data, Insufficient verification procedures for number transfers

Corrective Actions: Addition of an SMS check for number transfers, Periodic evaluation by the IBPT, Customer awareness-raising

Incident : ransomware ORA1767980221

Root Causes: Unpatched vulnerabilities in internet-facing network equipment, Third-party service dependencies, Lax perimeter controls, Rapid weaponization of zero-day exploits

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as IBPT (Institut Belge des services Postaux et Télécommunications).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: strengthened security measures (unspecified); addition of an SMS check for number transfers; periodic evaluation by the IBPT; customer awareness-raising.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were: Nefilim ransomware group, Babuk ransomware gang, Scammers / Cybercriminals (unidentified), Qilin, Akira, Play, DragonForce, nation-state hackers, hacktivists and Warlock.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was in late July 2023 (exact date unspecified).

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was in 2024-07.

What was the most recent incident resolved ?

Most Recent Incident Resolved: The most recent incident resolved was on 2024-07-30.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was Fines imposed.

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in incidents were: Data from about 20 customers on its virtual hosting service was accessed; Contact Name, Email, Phone Number, Company Name, Solution Name; customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, other personal information; Customer names (first and last), Telephone numbers, SIM card numbers, PUK (Personal Unblocking Key) codes, Tariff plans; Social Security numbers; Customer personal data (unspecified), Telephone numbers; No evidence of data extraction; over five terabytes (claimed by DragonForce), sensitive customer data, operational information, subscriber data, U.S. wiretap targets information; Business customer data; 4 GB.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in incidents were: IP network coordination centre; an IT system containing customer data; Orange Silicon Valley, LLC (OSV) servers; Orange Belgium IT systems (partially); number transfer procedures; telecom infrastructure; customer databases; network equipment.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was IBPT (Institut Belge des services Postaux et Télécommunications).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems; identified and neutralised the majority of the unauthorised access; blocked access to the affected system; additional check via verification SMS for number transfers; option for the customer to cancel by replying 'STOP'; isolation of potential attack and disruption of services.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were user data, Customer personal data (unspecified), customer records, contracts, over five terabytes (claimed by DragonForce), sensitive customer data, operational information, subscriber data, U.S. wiretap targets information, Solution Name, call logs, Telephone numbers, employee details, Social Security numbers, No evidence of data extraction, 4 GB, Contact Name, Phone Number, internal documents, PUK (Personal Unblocking Key) codes, source code, messages, Business customer data, SIM card numbers, Tariff plans, email addresses, Company Name, other personal information, Email, credit cards, Customer names (first and last), Data from about 20 customers on its virtual hosting service was accessed., Telephone numbers and invoices.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 856.6K.

Regulatory Compliance

What was the highest fine imposed for a regulatory violation ?

Highest Fine Imposed: The highest fine imposed for a regulatory violation was Yes.

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was: official complaint filed with judicial authorities; complaint filed.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was: Increased user awareness of the risks of SIM swapping and identity theft; The telecom sector's critical role as national infrastructure and its access to high-volume subscriber data make it a prime target. Frequent exposure through internet-facing infrastructure and third-party dependencies, along with rapid weaponization of vulnerabilities, enables attacks. Bipartisan cooperation is needed for cyber resilience.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Be vigilant about suspicious calls or messages, Customers advised to monitor for phishing attempts, Increase monitoring and adaptive security measures, Limit the publication of personal information on social networks, Improve third-party risk management, Patch critical and zero-day vulnerabilities promptly, Strengthen incident response plans, Enable two-factor authentication for online services, Enhance perimeter controls and network segmentation, Monitor for suspicious activity on accounts linked to the telephone number, Foster bipartisan cooperation for cyber resilience, Reply 'STOP' to unsolicited verification SMS messages for number transfers and Company likely reviewing access controls and system segmentation.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Social networking platform X, TechTarget/Informa, News article, Orange Belgium Public Statement, Orange Statement, Incident disclosure, IBPT (Institut Belge des services Postaux et Télécommunications), Maine Office of the Attorney General, Cyble Threat Intelligence Report and National Commission on Information and Liberties (CNIL).

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (no updates on root cause or relation to Orange Group incident).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was: Customers notified via email and text message; IBPT public notice on fraud risks; Security recommendations for all users of telecom services.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were: Warning about potential phishing attempts; Dedicated web page for guidance; Verification SMS sent from 5000 (individuals) or 5995 (business customers) when a number transfer is requested; Instructions for cancelling a fraudulent request by replying 'STOP'; General security advice (two-factor authentication, vigilance); Affected customers informed and supported; Affected businesses notified.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was administrator credentials sold on dark web ($4,000).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was: Flaws in the protection of customer data; Insufficient verification procedures for number transfers; unpatched vulnerabilities in internet-facing network equipment; third-party service dependencies; lax perimeter controls; rapid weaponization of zero-day exploits.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was: Strengthened security measures (unspecified); Addition of an SMS check for number transfers; Periodic evaluation by the IBPT; Customer awareness-raising.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.

Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=orange' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.