
Orange Group hit by data breach, leads to data leak

Orange Group confirms a cyberattack on its Romanian operations after a hacker linked to the HellCat ransomware group leaked stolen company documents online.

 

What happened

Orange Group, a French telecommunications provider, confirmed that a cyberattack targeted its Romanian operations after a hacker leaked stolen company documents online. The hacker, known as “Rey” and associated with the HellCat ransomware group, claims to have stolen thousands of internal documents containing customer and employee data. The hacker initially attempted to extort the company before making the data public on a cybercriminal forum.

Orange stated that the breach affected a “non-critical” application and assured customer operations remained unaffected. However, the company has launched an investigation and is working to minimize the impact.

 

Going deeper

Orange Group is known for operating internet and mobile networks. The company also owns Yoxo, a no-contract mobile service offering internet and roaming options.

According to the hacker group, the stolen data primarily came from Orange Romania, and included:

  • 380,000 unique email addresses
  • Source code, invoices, and contracts
  • Customer and employee records
  • Partial payment card information

The hacker claimed to have had access to Orange’s systems for over a month before beginning data exfiltration, which reportedly went undetected for three hours. The breach was made possible by compromised credentials and by vulnerabilities in Orange’s Jira software, which is used for tracking bugs, and in internal portals.

Rey shared samples of the leaked data, which included email addresses of current and former employees, as well as information on Yoxo customers. Some data, particularly email records and payment card details, appeared outdated, with expired credentials.

Despite these findings, the breach exposed nearly 12,000 files totaling 6.5GB of stolen data. A ransom note was reportedly left in the system, but Orange did not engage in negotiations. Paying ransoms is broadly seen as inadvisable.

What was said

Orange acknowledged the attack, stating that its top priority is protecting the data and interests of employees, customers, and partners.

A company spokesperson stated, "There has been no impact on customers’ operations, and the breach was found to occur on a non-critical back-office application. Our cybersecurity and IT teams are working hard to assess the extent of the breach and minimize the impact of this incident." The company also assured compliance with legal obligations and cooperation with relevant authorities.

 

The big picture

The attack showed how easily overlooked systems can become entry points for major breaches. Stolen credentials and unpatched software gave the hackers access, and the exfiltration reportedly ran for hours without detection. Companies need stronger access controls, faster patching, and continuous monitoring to protect sensitive data before cybercriminals take advantage.

 

FAQs

How does this breach compare to other recent telecom cyberattacks?

Many telecom providers have faced similar attacks, often due to credential leaks or software vulnerabilities. The scale of this breach is significant, but not unprecedented.

 

What legal or regulatory consequences could Orange face?

Depending on the findings, Orange may face scrutiny under EU data protection laws (GDPR), which could result in fines or mandatory security improvements.

 

Could this breach impact Orange’s network services or future security?

While Orange states that operations remain unaffected, data leaks can increase the risk of future cyberattacks, especially if internal security details are exposed.

 

What should businesses learn from this incident?

This breach proves the need for securing cloud-based applications, enforcing multi-factor authentication, and regularly auditing internal security measures.

 

What steps can individuals take to protect themselves after a telecom data breach?

Customers and employees should update passwords, enable two-factor authentication, and monitor financial and online accounts for suspicious activity.