French telecommunications giant Orange Group has confirmed a security breach after a hacker leaked company documents online, revealing sensitive user and employee data. The hacker, known as “Rey” and affiliated with the HellCat ransomware group, attempted to extort the company before making the stolen data public.
Details of the Breach
According to the hacker’s claims on a cybercriminal forum, the breach primarily affected Orange’s Romanian division. The stolen data reportedly includes:
- 380,000 unique email addresses
- Source code
- Invoices and contracts
- Customer and employee information
- Partial payment card details from Romanian customers
Rey stated that the attack was not a ransomware operation and that they had access to Orange’s internal systems for over a month. They exfiltrated nearly 12,000 files, amounting to approximately 6.5GB of data, in a three-hour window without being detected.
The breach was allegedly carried out by using compromised credentials and exploiting vulnerabilities in Orange’s Jira software and internal portals. The hacker claims to have left a ransom note in the compromised system, but the company did not engage in negotiations.
Orange Group’s Response
In a statement to BleepingComputer, Orange confirmed the breach but emphasized that it impacted a “non-critical back-office application” and did not disrupt customer operations.
“Orange can confirm that our operations in Romania have been the target of a cyberattack. We took immediate action, and our top priority remains protecting the data and interests of our employees, customers, and partners. There has been no impact on customers’ operations, and the breach was found to occur on a non-critical back-office application.”
The company has launched an internal investigation and is working to assess the extent of the breach while implementing measures to mitigate its impact. Additionally, Orange is complying with all legal obligations and cooperating with relevant authorities to address the situation.
Connection to HellCat Ransomware Group
Although Rey claims to have breached Orange independently, they are affiliated with the HellCat ransomware group, which has previously targeted major corporations, including Schneider Electric and Spanish telecommunications firm Telefónica. In both cases, the attackers leveraged Jira server vulnerabilities to steal corporate data.
Potential Impact
Some of the leaked email addresses belong to former employees, contractors, and partners, with records dating back more than five years. Additionally, much of the exposed payment card information appears to have expired. However, the presence of customer and employee data still raises concerns over potential identity theft, phishing campaigns, and further cyberattacks.
Ongoing Investigation
Orange Group continues to investigate the breach, with its cybersecurity teams working to secure affected systems and prevent future attacks. The company has pledged to provide updates as more details emerge.
This incident highlights the growing threat of cybercriminals exploiting vulnerabilities in enterprise software to gain unauthorized access to corporate networks. Organizations must remain vigilant in securing their systems, regularly updating software, and enforcing strong authentication measures to prevent similar attacks.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time: https://www.netizen.net/contact
