Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers.
Orange Belgium provides fixed and mobile connectivity services to over 3 million customers in Belgium and Luxembourg, employs 1,500 staff, and claims to operate the largest 4G/5G network in the country. Last year, the company reported total service revenues of €1.34 billion.
When BleepingComputer reached out for more details regarding last month’s breach, an Orange Belgium spokesperson stated that the company couldn’t confirm whether any systems were encrypted during the incident, but said that the breach wasn’t the result of attacks targeting telecom companies worldwide that have been linked to China’s Salt Typhoon cyber-espionage group.
The spokesperson added that Orange Belgium is aware of the threat group behind the breach, but didn’t name them due to an ongoing investigation.
“At the end of July, Orange Belgium detected a cyberattack on one of its IT systems, resulting in unauthorised access to certain data from 850,000 customer accounts,” the telecom company revealed.
While the threat actors didn’t gain access to the passwords, email addresses, or financial information of impacted customers, they were able to compromise systems containing some account information.
“However, the hacker gained access to one of our IT systems containing the following data: surname, first name, telephone number, SIM card number, PUK code, tariff plan,” it added.
Orange Belgium is notifying all customers affected by this incident via email or SMS, advising them to remain vigilant for any suspicious messages or calls.
BleepingComputer was also told that this breach is a separate incident from the cyberattack disclosed by Orange Group at the end of July, when its parent company announced that it had detected a breached system on its network on July 25. The Orange Group breach in July led to some operational disruptions, but they primarily affected French customers.
In February, Orange’s Romanian branch also confirmed the breach of a non-critical application after a threat actor claimed to have stolen thousands of internal documents, containing 380,000 email addresses, as well as employee data, user records, source code, invoices, and contracts.
Five years ago, in early July 2020, the telecom giant’s Orange Business Solutions division was also hit by a Nefilim ransomware attack, which exposed the data of twenty of its enterprise customers.
Orange Group, the parent company of Orange Belgium, has 125,800 employees worldwide and reported revenues of €40.3 billion in 2024. It provides communication and business services to 294 million customers across Europe, Africa, and the Middle East, including 256 million mobile and 22 million fixed broadband customers.
