- Orange is notifying users of a data breach
- A threat actor stole names, emails, and more, on 850,000 people
- An investigation is ongoing
Orange Belgium has confirmed suffering a cyberattack in which the attackers stole sensitive data on hundreds of thousands of users.
In a press release published on the company’s website, Orange Belgium confirmed the breach and said it spotted the intrusion in late July 2025. After ousting the attackers, tightening its controls, notifying law enforcement, and launching an investigation, Orange determined that the attackers managed to exfiltrate data on 850,000 of its customers.
The data includes full names, phone numbers, SIM card numbers, PUK codes, and tariff plans. Passwords, email addresses, and financial information were not accessed, it was said. Affected individuals were apparently notified via either email or SMS.
No typhoons
Orange did not discuss who the threat actors were, or if this was a ransomware attack or a simple data smash-and-grab.
In a statement, the company said the attack was not linked to the Chinese ‘typhoon’ adversaries that have been targeting telecommunications providers in the West for some time.
It also said it knows who the attackers are, but since the investigation is ongoing, it cannot share their identity with the public.
A subsidiary of the global telecommunications behemoth, Orange Belgium is a major telecommunications provider in the country, servicing roughly 3.5 million post-paid mobile subscribers, and approximately a million cable subscribers.
The parent company is also often targeted by different cybercriminals.
In late February 2025, a member of the HellCat ransomware organization, going by the alias Rey, had access to a “non-critical application” belonging to Orange Romania, obtained by exploiting compromised credentials and flaws in Jira.
Less than a month later, the same subsidiary suffered a second breach. In January, Orange Spain suffered a “major outage” after a threat actor going by the alias “Snow” obtained a “ridiculously weak” password for an account that manages the global routing table and controls the networks that deliver the company’s internet traffic.
Via BleepingComputer