InfoSecBulletin Cybersecurity for mankind
Bouygues Telecom, a major telecom company in France and the third-largest mobile operator, announced on Wednesday that it suffered a cyberattack affecting millions of customers’ data.
The nature of the attack was not disclosed, and the company said the “situation was resolved as quickly as possible” by its technical teams, and that “all necessary measures were put in place.”
SoupDealer Malware Bypasses Every Sandbox, AV’s, XDR/EDR in Real-World Incidents
WinRAR Zero-Day and 7-Zip Vulnerability actively exploited
Biometric Clone: ₹5.58 crore loss, 251 accounts in 17 districts
Google Confirms Data Breach: Notifying Affected Users
28,000+ Microsoft Exchange Servers Exposed Online for CVE-2025-53786
Google alerts of cloud storage bucket hijacking attacks
Multiple 0-days to Bypass BitLocker and Extract Data
Amazon ECS Internal Protocol Exploited to Steal AWS Credentials
7 Tools for Automated Server Patching
Germany’s top court rules police may use spyware solely for serious crimes
According to its corporate statement, the attack “allowed unauthorized access to certain personal data from 6.4 million customer accounts.”
Bouygues announced 18.3 million mobile customers and 4.2 million fiber-to-the-home customers in its 2024 annual results, but it isn’t clear which segment was impacted.
The company stated those who were impacted “have received or will receive an email or text message to inform them, and our teams remain fully mobilized to support them.”
A report about the data breach has been sent to France’s data protection authority, the CNIL, and a complaint has been made to France’s judicial authorities.
Another attack occurred last week, targeting Orange, the largest telecom provider in the country. Orange has not reported any breaches of customer data, and no negative effects on its retail or enterprise customers have been reported since.
The French cybersecurity agency ANSSI has reported state-sponsored threats aimed at the telecommunications sector for espionage in its annual review, confirming several security breaches in recent years.
The ANSSI report highlights major incidents involving a suspected state-sponsored actor breaching a mobile network core and intrusions into satellite communication systems.
The agency’s investigation confirmed that the attackers aimed to intercept communications of specific targets.
ANSSI did not link the attack to a specific threat group monitored by Western agencies, but intercepted communications from targeted individuals were noted in the Salt Typhoon breaches in the U.S.
