
Summary
Orange Group confirms a cyberattack impacting its Romanian operations. A hacker, “Rey,” leaked stolen data after a failed extortion attempt. The breach exposed email addresses, internal documents, and some customer data, but Orange states customer operations remain unaffected.
Main Story
Orange Group, a major French telecommunications company, has confirmed a data breach after a hacker leaked internal documents. The hacker, known as “Rey” and associated with the HellCat ransomware group, claims to have exploited vulnerabilities in Orange’s systems, including Jira software and internal portals. This allowed them to access the company’s network for over a month before exfiltrating approximately 6.5GB of data, comprising around 12,000 files. Orange has confirmed the breach, stating that it impacted a “non-critical application” within its Romanian operations. The company has launched an internal investigation and is working with cybersecurity teams and authorities to fully understand the extent of the incident.
The Hacker’s Claims and Leaked Data
Rey claims to have stolen approximately 380,000 unique email addresses, including those of current and former employees, partners, and contractors. The leaked data also includes source code, invoices, contracts, partial payment card details of Romanian customers, and information related to Yoxo, Orange’s subscription-based service. While Orange has confirmed the breach, they have yet to corroborate the full extent of the data exfiltration claimed by the hacker. However, initial analysis suggests that some of the leaked data is outdated, with some email addresses belonging to individuals no longer associated with Orange and many of the payment card details having expired. Rey maintains that this breach was not a ransomware operation despite their affiliation with the HellCat ransomware group. The hacker states that they attempted to extort Orange, but after the company failed to respond, they leaked the stolen data on a hacker forum.
Orange’s Response and Ongoing Investigation
Orange has emphasized that the attack has not affected customer operations. The company’s cybersecurity and IT teams are conducting a thorough investigation to determine the full scope of the breach and minimize any potential risks. Orange states that their priority is to protect the data of their employees, customers, and partners and that they are taking all necessary steps to address the situation. While the company has confirmed that the compromised application is non-critical, the incident highlights the ongoing cybersecurity challenges faced by even large telecommunications providers.
Broader Implications and Cybersecurity Concerns
This data breach underscores the increasing sophistication and persistence of cyberattacks, particularly those targeting vulnerabilities in commonly used software like Jira. It also highlights the importance of robust cybersecurity measures, including strong credential management, regular vulnerability patching, and incident response plans.
As of today, March 1, 2025, the investigation is ongoing, and the full impact of the breach is yet to be determined. This situation serves as a reminder for all organizations to remain vigilant and proactive in their cybersecurity efforts to mitigate the risks of similar attacks. The increasing prevalence of data breaches emphasizes the need for continuous improvement in security practices and the adoption of a multi-layered approach to defense. This incident will likely lead to further scrutiny of Orange’s security posture and could potentially result in regulatory investigations and legal ramifications.
The claim that the hacker had access for over a month before exfiltration highlights the critical need for enhanced intrusion detection and prevention systems. How can companies leverage AI and machine learning to proactively identify and neutralize such threats in real-time, rather than reactively after a breach?
Great point! AI and machine learning offer huge potential for proactive threat detection. Exploring behavioral analytics to identify anomalous activity is key. Real-time monitoring and automated responses could drastically reduce dwell time and limit data exfiltration. I would love to hear people's success stories with real-time monitoring.
Editor: StorageTech.News