Orange has confirmed that its Romanian branch was targeted in a cyberattack by a hacker identified as “Rey,” who is reportedly affiliated with the HellCat ransomware group. The breach affected a non-critical back-office application, which had no direct impact on customer-facing services or operational activities. However, the hacker claimed to have accessed 380,000 email addresses along with other sensitive data, including partial payment card details, some of which had already expired. The stolen files, totaling 6.5 GB, include personal data of current and former employees, partners, and contractors of Orange Romania, as well as customer data from the Yoxo subscription service.
The attack was said to have gone undetected for about three hours, during which Rey was able to steal nearly 12,000 files.
Despite the hacker’s claim of having access to Orange’s systems for about a month, the company stated that the breach occurred in a back-office application, ensuring no operational disruptions for its customer services. The exposed customer data included email addresses and partial payment card information, although the data was limited to some customers of Yoxo, which offers flexible, contract-free subscriptions.
In response to the breach, Orange immediately took action to secure its systems and minimize the impact of the attack. The company assured that protecting the data and interests of its employees, customers, and partners remained their top priority. Orange is cooperating with the relevant authorities and has initiated an investigation into the incident. This breach follows a similar cyber attack on Orange Spain, which indicates that telecom companies continue to be prime targets for cybercriminals.
The hacker, Rey, communicated with the security website BleepingComputer, claiming that the data breach did not involve typical HellCat ransomware activity, although the group has previously claimed responsibility for other significant hacks, including those against Schneider Electric and Telefónica. The ongoing investigation and efforts to strengthen cybersecurity within the telecom industry underscore the increasing prevalence of targeted attacks against such organizations.
Reference:
