Bouygues Telecom, a major telecom company in France and the third-largest mobile operator, announced on Wednesday that it suffered a cyberattack affecting millions of customers’ data.
The nature of the attack was not disclosed, and the company said the “situation was resolved as quickly as possible” by its technical teams, and that “all necessary measures were put in place.”
According to its corporate statement, the attack “allowed unauthorized access to certain personal data from 6.4 million customer accounts.”
Bouygues announced 18.3 million mobile customers and 4.2 million fiber-to-the-home customers in its 2024 annual results, but it isn’t clear which segment was impacted.
The company stated those who were impacted “have received or will receive an email or text message to inform them, and our teams remain fully mobilized to support them.”
A report about the data breach has been sent to France’s data protection authority, the CNIL, and a complaint has been made to France’s judicial authorities.
Another attack occurred last week, targeting Orange, the largest telecom provider in the country. Orange has not reported any breaches of customer data, and no negative effects on its retail or enterprise customers have been reported since.
The French cybersecurity agency ANSSI has reported state-sponsored threats aimed at the telecommunications sector for espionage in its annual review, confirming several security breaches in recent years.
The ANSSI report highlights major incidents involving a suspected state-sponsored actor breaching a mobile network core and intrusions into satellite communication systems.
The agency’s investigation confirmed that the attackers aimed to intercept communications of specific targets.
ANSSI did not link the attack to a specific threat group monitored by Western agencies, but intercepted communications from targeted individuals were noted in the Salt Typhoon breaches in the U.S.
InfoSecBulletin Cybersecurity for mankind
