NEW DELHI: A hacker has claimed responsibility for breaching the systems of Orange Group, one of France’s leading telecommunications operators and digital service providers.
The threat actor alleges that they have stolen thousands of internal documents, including sensitive user records and employee data, after infiltrating the company’s infrastructure.
Failed Extortion Attempt Leads to Data Leak
The hacker, known by the alias Rey, is a member of the HellCat ransomware group. After failing to extort the company, Rey publicly posted details about the stolen data on a hacker forum.
According to the threat actor, the breach primarily affected Orange Romania, a regional branch of the company, and compromised a vast trove of information.
Orange Group has confirmed the cyberattack, stating that it was limited to a “non-critical application.” The company has launched an investigation and is actively working to mitigate the impact of the incident.
Nominations are open for Honouring Women in Cyberspace on International Women’s Day 2025- Nominate Now!
Extent of the Data Breach
Rey claims to have exfiltrated approximately 6.5GB of data across nearly 12,000 files. The stolen information reportedly includes:
Some of the compromised data appears to be outdated, with certain email addresses belonging to individuals who had worked with Orange Romania over five years ago. Additionally, many payment card details in the leaked samples were found to have expired.
How the Breach Occurred
The hacker claims that they gained access to Orange’s systems by exploiting compromised credentials and vulnerabilities in the company’s Jira software (used for issue tracking) and other internal portals. Rey stated that they had access to the company’s systems for over a month before executing the data exfiltration.
On Sunday morning, the hacker began extracting the company’s data—a process that reportedly lasted three hours without triggering detection from Orange’s security systems. They also stated that they had dropped a ransom note on the compromised system, but Orange did not engage in negotiations.
Orange’s Response to the Cyberattack
Orange Group issued a statement to media confirming the incident and providing assurance that customer operations remain unaffected.
“Orange can confirm that our operations in Romania have been the target of a cyberattack. We took immediate action, and our top priority remains protecting the data and interests of our employees, customers, and partners. There has been no impact on customers’ operations, and the breach was found to occur on a non-critical back-office application.”
The company also stated that their cybersecurity and IT teams are actively assessing the extent of the breach and working to minimize the damage.
Empanelment for Speakers, Trainers, and Cyber Security Experts Opens at Future Crime Research Foundation
Security Implications and Next Steps
This incident highlights the ongoing cybersecurity threats faced by major corporations. The use of compromised credentials and software vulnerabilities as entry points underscores the need for robust security measures, including:
Orange Group has yet to disclose whether affected individuals will be notified or if additional security measures will be introduced to prevent similar breaches in the future. Meanwhile, cybersecurity experts warn customers and employees to remain vigilant for potential phishing attempts or fraud stemming from the leaked data.
The Orange Group data breach serves as another reminder of the persistent cyber threats facing businesses today. With attackers exploiting vulnerabilities and holding sensitive information for ransom, organizations must continuously fortify their cybersecurity posture to safeguard against such threats. While Orange has assured that customer operations remain unaffected, the breach raises serious concerns about data security and the importance of proactive defense strategies in the digital age.