Orange Belgium, a major telecommunications provider and a subsidiary of the global Orange Group, has confirmed a significant data breach affecting a large portion of its customer base. The company, which serves over 3 million customers in Belgium and Luxembourg, disclosed that a cyberattack detected in late July resulted in the unauthorized access and theft of data belonging to roughly 850,000 customer accounts. While the company stated that no critical information like passwords, email addresses, or financial details were compromised, the breach is still a serious security incident.
The stolen information, as detailed by Orange Belgium, includes customer names, telephone numbers, SIM card numbers, Personal Unblocking Key (PUK) codes, and tariff plans. The presence of PUK codes is particularly concerning as this eight-digit security code can be used to unlock a SIM card if a user enters their PIN incorrectly multiple times. This information, combined with other stolen details, could be used by malicious actors for various fraudulent activities, including SIM swapping attacks where an attacker transfers a victim’s phone number to their own SIM card to intercept calls and messages.
In response to the incident, Orange Belgium stated that it immediately blocked access to the affected system, strengthened its security measures, and informed the relevant authorities. The company has also filed an official complaint with judicial authorities. Orange Belgium is in the process of notifying all affected customers via email or SMS. They are advising customers to be extremely vigilant for suspicious messages or calls, as the stolen information could be used by fraudsters to impersonate Orange or other companies to trick them into revealing more sensitive data.
This cyberattack on Orange Belgium is a separate incident from a breach disclosed by its parent company, Orange Group, at the end of July, which primarily impacted French customers. This latest event adds to a history of cybersecurity challenges for the Orange Group. In February, its Romanian branch confirmed a data breach of a non-critical application, which reportedly led to the theft of internal documents and employee and customer data. Furthermore, in July 2020, the Orange Business Solutions division was hit by a Nefilim ransomware attack that exposed data from twenty of its enterprise customers.
The recurring security incidents highlight the ongoing vulnerability of telecommunications companies to cyberattacks, which are attractive targets due to the vast amount of customer data they hold. As investigations into the Orange Belgium breach continue, the company has not publicly named the threat group responsible, citing the ongoing nature of the investigation. The incident serves as a stark reminder for both companies and consumers to prioritize cybersecurity and remain cautious of potential phishing scams and other fraudulent activities.
Reference:
