Orange Business Company CyberSecurity Posture
orange-business.com
At Orange Business, our ambition is to become the leading European Network and Digital Integrator by leveraging our proven expertise in next-generation connectivity solutions, the cloud and cybersecurity. Our 30,000 women and men are present in 65 countries, where every voice counts. Together, we are driven by the same determination and the same team spirit, to build the digital solutions of today and tomorrow and create a positive impact for our customers, for their employees and for the planet. We offer exciting opportunities through innovative projects in data and digital, cloud, AI, cybersecurity, IoT, or digital workspace and big data. Join us and be part of this adventure!
Company Details
orange-business-services
26,939
828,468
5415
orange-business.com
0
ORA_1601781
In-progress
Orange Business Risk Score (AI oriented)Between 750 and 799
Orange Business Global Score (TPRM)XXXX
Description: Orange Belgium disclosed a cyberattack discovered in late July 2024, compromising data from **850,000 customer accounts**. The breach exposed non-critical but sensitive personal information, including **names, first names, telephone numbers, SIM card numbers, and PUK (Personal Unblocking Key) codes**—8-digit security codes used to unblock SIM cards. The company confirmed that **no passwords, email addresses, banking, or financial details** were accessed. Upon detection, Orange Belgium blocked access to the affected system, reinforced security measures, and notified relevant authorities, filing an official complaint. Customers were alerted via email and SMS, with warnings to stay vigilant against potential phishing attempts via a dedicated webpage. The attack’s connection to a prior incident at parent company **Orange Group** (detected on July 25, with no confirmed customer data extraction) remains unconfirmed. The nature of the attack (e.g., method, perpetrator) was not disclosed.
Description: Orange Belgium, a major telecom operator, suffered a cyberattack targeting its IT systems, raising concerns over potential **theft of customer phone numbers**. The attack exposed vulnerabilities where fraudsters could exploit stolen customer data to impersonate legitimate users and **hijack phone numbers via SIM-swap fraud**. Once in control of a victim’s number, attackers could intercept **verification codes** (e.g., for password resets, email, social media, or payment systems), enabling broader fraudulent activities like account takeovers or financial theft. The Belgian telecom regulator (IBPT) responded by mandating an **additional verification step**—sending an SMS alert to customers for any number-transfer requests, allowing them to block unauthorized changes by replying 'STOP'. While no large-scale data breach (e.g., financial or sensitive personal records) was confirmed, the attack **disrupted trust in Orange’s security**, forced operational changes, and posed **reputational and financial risks** due to potential downstream fraud. Customers were urged to enable multi-factor authentication and scrutinize suspicious communications, highlighting the attack’s **secondary impact on user behavior and operational processes**.
Description: The cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France. The cyberattack affected thousands of internet users across Europe amid the Ukraine-Russia war. Nearly 9,000 subscribers were affected by this internet outage.
Description: An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.
Description: French telecommunications company Orange S.A.was targeted by a Nefilim ransomware group which resulted in data loss. The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems. The data from about 20 customers on its virtual hosting service was accessed by those behind the ransomware attack.
Description: Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.
Description: A criminal hacking gang, identified as Warlock, executed a ransomware attack on **Orange SA**, a major French telecommunications company, in late July 2025. The attackers breached internal systems, exfiltrating approximately **4 GB of business customer data**, which was later published on the dark web in mid-August. While Orange claimed the stolen data was **outdated or of low sensitivity**, the incident follows prior breaches in 2025, including a July attack on **850,000 customer accounts** in its Belgian division and a separate leak of **employee data in Romania**.The Warlock group, known for leasing ransomware to affiliate hackers, encrypted Orange’s systems and demanded payment for decryption. Orange collaborated with affected companies and authorities, notifying impacted parties before the data’s public release. Telecommunications firms remain high-value targets due to their repositories of **financial, governmental, and corporate communication data**, amplifying risks of reputational damage, regulatory scrutiny, and operational disruption.
Description: On March 17, 2022, Orange Business Services U.S., Inc. (OBS) discovered a data breach involving unauthorized access to servers belonging to its subsidiary, Orange Silicon Valley, LLC (OSV), which had occurred on January 4, 2022. The incident compromised sensitive personal information of **6,567 individuals**, including **9 Maine residents**, with exposed data including **Social Security numbers (SSNs)**—a high-value target for identity theft and financial fraud. The breach highlights a significant security lapse, as SSNs are critical identifiers that can enable long-term fraud, financial exploitation, and reputational damage for affected individuals. While the exact method of unauthorized access was not detailed, the exposure of such sensitive data suggests a failure in access controls, monitoring, or incident response protocols. The delay between the breach (January 4) and its discovery (March 17)—over **two months**—further exacerbates the risk, as threat actors could have exploited the stolen data during this period. The incident underscores the broader implications for Orange Business Services, including potential **legal liabilities** under data protection laws (e.g., GDPR, state-level breach notification statutes), **regulatory scrutiny**, and **loss of customer trust**. Given the nature of the exposed data, affected individuals face heightened risks of identity theft, phishing attacks, and financial fraud, necessitating credit monitoring and remediation efforts.
Description: Orange Cyberdefense apparently suffered a data breach incident after a popular forum offered data allegedly from their firm. Data in the sample included Contact Name, Email, Phone Number, Company Name, and Solution Name. The listing also offered to sell access to Orange Cyberdefense’s servers.
Description: The telecoms giant warned that customers were going to be affected by its response to the attack, however, it did not disclose the incident itself. In a statement, the company said: “At this stage of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard.” The attack took place on Friday 25 July, with the group detecting a cyberattack on its information systems, with Orange Cyberdefense teams mobilising and isolating the potential attack to mitigate the impact. “However, these isolation operations have resulted in the disruption of certain services and management platforms for some of our corporate customers and some consumer services, primarily in France. Our dedicated teams are fully mobilised to inform and support affected customers,” Orange stated. “Our teams have identified and are implementing solutions that will allow, under heightened vigilance, the gradual reopening of the main impacted services by Wednesday morning [30 July]. It added that a complaint has been filed and the relevant authorities have been alerted. “At this stae of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard,” it added. The attack follows Orange confirming earlier this year that it experienced a separate cyber attack in March. At the time, a member of the HellCat ransomware group, known as Rey, gained access to a “non-c
No incidents recorded for Orange Business in 2025.
No incidents recorded for Orange Business in 2025.
No incidents recorded for Orange Business in 2025.
Orange Business cyber incidents detection timeline including parent company and subsidiaries
At Orange Business, our ambition is to become the leading European Network and Digital Integrator by leveraging our proven expertise in next-generation connectivity solutions, the cloud and cybersecurity. Our 30,000 women and men are present in 65 countries, where every voice counts. Together, we are driven by the same determination and the same team spirit, to build the digital solutions of today and tomorrow and create a positive impact for our customers, for their employees and for the planet. We offer exciting opportunities through innovative projects in data and digital, cloud, AI, cybersecurity, IoT, or digital workspace and big data. Join us and be part of this adventure!
Almaviva is synonymous with digital innovation. Proven experience, unique skills, ongoing research and in-depth knowledge of a range of public and private market sectors are what make it the leading Italian Group in Information & Communications Technology. Almaviva leads the Country growth and take
Tata Elxsi is amongst the world’s leading providers of design and technology services across industries, including Automotive, Media & Entertainment, Communications, and Healthcare. Tata Elxsi is helping customers reimagine their products and services through design thinking and the application of d
TIVIT is a Brazil-based multinational company that offers enterprise-level digital solutions, and operates in ten countries in Latin America. We help our clients develop their businesses by offering industry-leading digital solutions divided into four main categories: Digital Business, Cloud Solutio
Conduent delivers digital business solutions and services spanning the commercial, government and transportation spectrum – creating valuable outcomes for its clients and the millions of people who count on them. We leverage cloud computing, artificial intelligence, machine learning, automation and
Insights you can act on to achieve trusted outcomes. We are insights-driven and outcomes-focused to help accelerate returns on your investments. Across 21 industry sectors and 400 locations worldwide, we provide comprehensive, scalable and sustainable IT and business consulting services that are in
Infinite is a global leader in technology modernization, next-gen IT services and solutions, and digital engineering, with over two decades of experience helping clients turn digital transformation into business value. Leveraging an AI-first approach, we combine leading technologies, innovative plat
Insight Enterprises, Inc. is a Fortune 500 solutions integrator helping organizations accelerate their digital journey to modernize their business and maximize the value of technology. Insight’s technical expertise spans cloud and edge-based transformation solutions, with global scale and optimizati
Sopra Steria, a major Tech player in Europe with 51,000 employees in nearly 30 countries, is recognised for its consulting, digital services and solutions. It helps its clients drive their digital transformation and obtain tangible and sustainable benefits. The Group provides end-to-end solutions to
FPT Software, a subsidiary of FPT Corporation, is a global technology and IT services provider headquartered in Vietnam, with USD 1.22 billion in revenue (2024) and over 33,000 employees in 30 countries. The company champions complex business opportunities and challenges with its world-class servic
.png)
Orange Business is to migrate a major part of its IT infrastructure to its part-owned Bleu sovereign cloud venture.
There is no trusted cloud without trusted connectivity,” says Benjamin Vigouroux, VP of digital infrastructure at Orange Business.
Orange Jordan announced its participation in The C8 2025 Conference and Exhibition on Cybersecurity Advancement, Innovation, and Technology,...
EQS-News: cyan AG and Orange Réunion Mayotte partner to launch new cybersecurity service in Réunion and Mayotte for B2B and B2C customers.
Orange Cyberdefense and watchTowr have highlighted the importance of proactive, preemptive management in strengthening the cybersecurity...
SCUT, Romania's newest cybersecurity company, has officially launched the concept of the digital cyber shield — a unified approach,...
Business - SCUT, Romania's newest cybersecurity company, has introduced the concept of a digital cyber shield, a unified approach co-created...
Orange's Cyberdefense has partnered with Qevlar AI to help businesses fight cybercrime across the African continent.
Qatar-based Ooredoo Group has partnered with software development company Innovatix Systems to deploy advanced cybersecurity services in the...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Orange Business is http://www.orange-business.com.
According to Rankiteo, Orange Business’s AI-generated cybersecurity score is 796, reflecting their Fair security posture.
According to Rankiteo, Orange Business currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Orange Business is not certified under SOC 2 Type 1.
According to Rankiteo, Orange Business does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Orange Business is not listed as GDPR compliant.
According to Rankiteo, Orange Business does not currently maintain PCI DSS compliance.
According to Rankiteo, Orange Business is not compliant with HIPAA regulations.
According to Rankiteo,Orange Business is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Orange Business operates primarily in the IT Services and IT Consulting industry.
Orange Business employs approximately 26,939 people worldwide.
Orange Business presently has no subsidiaries across any sectors.
Orange Business’s official LinkedIn profile has approximately 828,468 followers.
Orange Business is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
No, Orange Business does not have a profile on Crunchbase.
Yes, Orange Business maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/orange-business-services.
As of December 11, 2025, Rankiteo reports that Orange Business has experienced 10 cybersecurity incidents.
Orange Business has an estimated 37,490 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Ransomware and Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems., and containment measures with identified and neutralised the majority of the unauthorised access, and communication strategy with posted a message on the social networking platform x, and and and containment measures with blocked access to the affected system, and remediation measures with strengthened security measures, and communication strategy with public statement, communication strategy with customer notifications via email and text message, communication strategy with dedicated web page for phishing awareness, and and and remediation measures with collaboration with affected companies, remediation measures with coordination with authorities, and communication strategy with advance notification to affected companies, communication strategy with public disclosure, and incident response plan activated with oui (mesures approuvées par l'ibpt), and third party assistance with ibpt (institut belge des services postaux et télécommunications), and containment measures with contrôle supplémentaire via sms de vérification pour les transferts de numéro, containment measures with possibilité d'annulation par le client en répondant 'stop', and remediation measures with évaluation périodique de la mesure par l'ibpt, remediation measures with adaptation si nécessaire, and communication strategy with avis publics via l'ibpt, communication strategy with messages sms aux clients concernés, communication strategy with recommandations de sécurité générales (double authentification, vigilance face aux messages suspects), and incident response plan activated with yes, and law enforcement notified with yes, and containment measures with isolation of potential attack, disruption of services, and remediation measures with gradual reopening of impacted services under heightened vigilance, and recovery measures with solutions implemented for service restoration by 2024-07-30, and communication strategy with public statement, customer advisories..
Title: Cyber Attack on Orange and Nordnet
Description: Cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France, affecting thousands of internet users across Europe amid the Ukraine-Russia war.
Type: Cyber Attack
Title: Orange S.A. Nefilim Ransomware Attack
Description: French telecommunications company Orange S.A. was targeted by a Nefilim ransomware group which resulted in data loss.
Type: Ransomware
Threat Actor: Nefilim ransomware group
Title: Data Breach at Orange Cyberdefense
Description: Orange Cyberdefense suffered a data breach incident after a popular forum offered data allegedly from their firm. The data in the sample included Contact Name, Email, Phone Number, Company Name, and Solution Name. The listing also offered to sell access to Orange Cyberdefense’s servers.
Type: Data Breach
Motivation: Data Theft, Financial Gain
Title: Hack Targeting Orange's Spanish Business
Description: An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.
Type: Hack
Title: Orange Telecommunications Breach by Babuk Ransomware
Description: Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.
Type: Data Breach, Ransomware
Threat Actor: Babuk ransomware gang
Title: Orange Belgium Cyberattack Compromising Customer Data
Description: Orange Belgium announced a cyberattack discovered at the end of July 2023 that compromised data from 850,000 customer accounts. The hacker accessed an IT system containing non-critical customer data, including names, telephone numbers, SIM card numbers, PUK codes, and tariff plans. The company blocked access to the affected system, strengthened security measures, and alerted authorities. Customers were notified via email and text message and advised to watch for phishing attempts.
Date Detected: Late July 2023 (exact date unspecified)
Date Publicly Disclosed: Wednesday, August 2, 2023 (approximate, based on announcement timing)
Type: Data Breach
Title: Orange Business Services U.S., Inc. Data Breach (2022)
Description: The Maine Office of the Attorney General reported that on March 17, 2022, Orange Business Services U.S., Inc. (OBS) learned of a data breach involving unauthorized access to several Orange Silicon Valley, LLC (OSV) servers, which occurred on January 4, 2022. The breach affected 6,567 individuals, including 9 residents of Maine, whose information included Social Security numbers.
Date Detected: 2022-03-17
Type: Data Breach
Title: Ransomware Hack Hits Orange Telecom, Data Published on Dark Web
Description: A criminal hacking gang (Warlock) stole business customer data from French telecommunications company Orange SA and published ~4GB of data on the dark web in mid-August 2025. The breach was disclosed to authorities in late July 2025. Orange confirmed the data was outdated or low-sensitivity and had informed affected companies in advance. This follows separate incidents in July (Belgian customer data breach) and another involving employee data in Romania published on the dark web.
Date Detected: 2025-07-01T00:00:00Z
Date Publicly Disclosed: 2025-07-31T00:00:00Z
Type: ransomware
Attack Vector: ransomware (Warlock)system compromise
Threat Actor: Warlock (ransomware-as-a-service group)
Motivation: financial gaindata theft
Title: Cyberattaque ciblant Orange Belgium avec risque de vol de numéros de téléphone
Description: Une cyberattaque a visé les systèmes informatiques d'Orange Belgium, entraînant un risque de vol de numéros de téléphone par des escrocs utilisant des données personnelles de clients pour usurper leur identité. L'IBPT (Institut Belge des services Postaux et Télécommunications) a approuvé une mesure de contrôle supplémentaire : un SMS de vérification envoyé aux clients en cas de demande de transfert de numéro, permettant d'annuler la demande en répondant 'STOP' si elle est frauduleuse. Le message est envoyé depuis le numéro 5000 (particuliers) ou 5995 (professionnels).
Type: Cyberattaque
Attack Vector: Exploitation de données personnelles voléesIngénierie socialeSIM swapping
Vulnerability Exploited: Faiblesse dans les procédures de vérification d'identitéAccès non autorisé aux données clients
Threat Actor: Escrocs / Cybercriminels (non identifiés)
Motivation: Fraude financièreVol d'identitéAccès non autorisé à des comptes en ligne
Title: Cyberattack on Orange Information Systems
Description: Orange detected a cyberattack on its information systems, leading to the isolation of potential threats and disruption of certain services for corporate and consumer customers, primarily in France. No evidence of data extraction was found at the time of the investigation.
Date Detected: 2024-07-25
Date Resolved: 2024-07-30
Type: Cyberattack
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Systems Affected: Internet Services
Data Compromised: Data from about 20 customers on its virtual hosting service was accessed.
Data Compromised: Contact name, Email, Phone number, Company name, Solution name
Systems Affected: IP network coordination centre
Operational Impact: Consumers unable to access specific websites
Data Compromised: Customer records, Email addresses, User data, Source code, Invoices, Internal documents, Contracts, Employee details, Credit cards, Messages, Call logs, Other personal information
Data Compromised: Customer names (first and last), Telephone numbers, Sim card numbers, Puk (personal unblocking key) codes, Tariff plans
Systems Affected: An IT system containing customer data
Brand Reputation Impact: Potential risk due to exposure of customer data and phishing warnings
Identity Theft Risk: Low (no critical data like passwords, emails, or financial details compromised, but PUK codes could enable SIM swapping)
Payment Information Risk: None (no banking or financial details exposed)
Data Compromised: Social security numbers
Systems Affected: Orange Silicon Valley, LLC (OSV) servers
Identity Theft Risk: High (Social Security numbers exposed)
Data Compromised: Business customer data, Outdated/low-sensitivity data
Systems Affected: internal systems
Operational Impact: limited
Brand Reputation Impact: moderate (public disclosure of breach)
Identity Theft Risk: low (data described as outdated/low-sensitivity)
Data Compromised: Données personnelles des clients (non précisées), Numéros de téléphone
Systems Affected: Systèmes informatiques d'Orange Belgium (partiellement)Procédures de transfert de numéro
Operational Impact: Renforcement des contrôles de sécurité pour les transferts de numéroCommunication accrue avec les clients
Brand Reputation Impact: Risque de perte de confiance des clientsNécéssité de mesures correctives publiques
Identity Theft Risk: ["Élevé (vol de numéros de téléphone pour usurpation d'identité)"]
Payment Information Risk: ["Risque accru via l'accès aux codes de vérification envoyés par SMS"]
Data Compromised: No evidence of data extraction
Systems Affected: Information systems, management platforms
Downtime: Disruption of services until 2024-07-30
Operational Impact: Disruption of corporate and consumer services, primarily in France
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Contact Name, Email, Phone Number, Company Name, Solution Name, , Customer Records, Email Addresses, User Data, Source Code, Invoices, Internal Documents, Contracts, Employee Details, Credit Cards, Messages, Call Logs, Other Personal Information, , Personal Data (Names, Telephone Numbers), Sim-Related Data (Sim Card Numbers, Puk Codes), Service Data (Tariff Plans), , Personally Identifiable Information (Pii), , Business Customer Data, Outdated Data, Low-Sensitivity Data, , Données Personnelles (Non Détaillées), Numéros De Téléphone and .
Entity Name: Orange
Entity Type: Company
Industry: Telecommunications
Location: France
Customers Affected: 9000
Entity Name: Nordnet
Entity Type: Company
Industry: Internet Service Provider
Location: France
Customers Affected: 9000
Entity Name: Orange S.A.
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: France
Customers Affected: 20
Entity Name: Orange Cyberdefense
Entity Type: Company
Industry: Cybersecurity
Entity Name: Orange
Entity Type: Telecom Operator
Industry: Telecommunications
Location: Spain
Customers Affected: Unknown number
Entity Name: Orange
Entity Type: Telecommunications provider
Industry: Telecommunications
Entity Name: Orange Belgium
Entity Type: Telecommunications Provider
Industry: Telecommunications
Location: Belgium
Customers Affected: 850,000
Entity Name: Orange Business Services U.S., Inc. (OBS)
Entity Type: Corporation
Industry: Telecommunications / IT Services
Location: United States
Customers Affected: 6,567 individuals (including 9 Maine residents)
Entity Name: Orange Silicon Valley, LLC (OSV)
Entity Type: Subsidiary
Industry: Telecommunications / IT Services
Location: Silicon Valley, California, USA
Entity Name: Orange SA
Entity Type: telecommunications
Industry: telecommunications
Location: France (HQ: Paris)
Size: large enterprise
Entity Name: Orange Belgium
Entity Type: subsidiary
Industry: telecommunications
Location: Belgium
Customers Affected: 850,000 (separate incident in July 2025)
Entity Name: Orange Romania
Entity Type: subsidiary
Industry: telecommunications
Location: Romania
Entity Name: Orange Belgium
Entity Type: Opérateur télécom
Industry: Télécommunications
Location: Belgique
Customers Affected: Clients particuliers et professionnels (nombre non précisé)
Entity Name: Orange
Entity Type: Telecoms
Industry: Telecommunications
Location: France
Customers Affected: Corporate customers and some consumer services
Containment Measures: The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems.
Containment Measures: Identified and neutralised the majority of the unauthorised access
Communication Strategy: Posted a message on the social networking platform X
Incident Response Plan Activated: True
Containment Measures: Blocked access to the affected system
Remediation Measures: Strengthened security measures
Communication Strategy: Public statementCustomer notifications via email and text messageDedicated web page for phishing awareness
Incident Response Plan Activated: True
Remediation Measures: collaboration with affected companiescoordination with authorities
Communication Strategy: advance notification to affected companiespublic disclosure
Incident Response Plan Activated: Oui (mesures approuvées par l'IBPT)
Third Party Assistance: Ibpt (Institut Belge Des Services Postaux Et Télécommunications).
Containment Measures: Contrôle supplémentaire via SMS de vérification pour les transferts de numéroPossibilité d'annulation par le client en répondant 'STOP'
Remediation Measures: Évaluation périodique de la mesure par l'IBPTAdaptation si nécessaire
Communication Strategy: Avis publics via l'IBPTMessages SMS aux clients concernésRecommandations de sécurité générales (double authentification, vigilance face aux messages suspects)
Incident Response Plan Activated: Yes
Law Enforcement Notified: Yes
Containment Measures: Isolation of potential attack, disruption of services
Remediation Measures: Gradual reopening of impacted services under heightened vigilance
Recovery Measures: Solutions implemented for service restoration by 2024-07-30
Communication Strategy: Public statement, customer advisories
Incident Response Plan: The company's incident response plan is described as Oui (mesures approuvées par l'IBPT), Yes.
Third-Party Assistance: The company involves third-party assistance in incident response through IBPT (Institut Belge des services Postaux et Télécommunications), .
Type of Data Compromised: Contact name, Email, Phone number, Company name, Solution name
Personally Identifiable Information: Contact NameEmailPhone Number
Type of Data Compromised: Customer records, Email addresses, User data, Source code, Invoices, Internal documents, Contracts, Employee details, Credit cards, Messages, Call logs, Other personal information
Sensitivity of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes
Type of Data Compromised: Personal data (names, telephone numbers), Sim-related data (sim card numbers, puk codes), Service data (tariff plans)
Number of Records Exposed: 850,000
Sensitivity of Data: Moderate (no critical data like passwords or financial details, but PUK codes are sensitive)
Personally Identifiable Information: NamesTelephone numbers
Type of Data Compromised: Personally identifiable information (pii)
Number of Records Exposed: 6,567
Sensitivity of Data: High
Data Exfiltration: Yes (unauthorized access)
Personally Identifiable Information: Social Security numbers
Type of Data Compromised: Business customer data, Outdated data, Low-sensitivity data
Sensitivity of Data: low
Data Encryption: True
Type of Data Compromised: Données personnelles (non détaillées), Numéros de téléphone
Sensitivity of Data: Élevée (risque d'usurpation d'identité et de fraude)
Data Exfiltration: Probable (utilisation des données par des escrocs)
Personally Identifiable Information: Numéros de téléphoneAutres données personnelles (non spécifiées)
Data Exfiltration: No evidence of data extraction
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Strengthened security measures, , collaboration with affected companies, coordination with authorities, , Évaluation périodique de la mesure par l'IBPT, Adaptation si nécessaire, , Gradual reopening of impacted services under heightened vigilance.
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems., identified and neutralised the majority of the unauthorised access, , blocked access to the affected system, , contrôle supplémentaire via sms de vérification pour les transferts de numéro, possibilité d'annulation par le client en répondant 'stop', , isolation of potential attack and disruption of services.
Ransomware Strain: Nefilim
Ransomware Strain: Warlock
Data Encryption: True
Data Exfiltration: True
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Solutions implemented for service restoration by 2024-07-30.
Legal Actions: Official complaint filed with judicial authorities,
Regulatory Notifications: Relevant authorities alerted
Regulatory Notifications: Maine Office of the Attorney General
Regulatory Notifications: French national authorities (disclosed late July 2025)
Regulatory Notifications: Notification et collaboration avec l'IBPT pour les mesures correctives
Legal Actions: Complaint filed
Regulatory Notifications: Relevant authorities alerted
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Official complaint filed with judicial authorities, , Complaint filed.
Lessons Learned: Nécessité de renforcer les procédures de vérification d'identité pour les transferts de numéro, Importance de la communication proactive avec les clients en cas de risque de fraude, Sensibilisation accrue des utilisateurs aux risques de SIM swapping et d'usurpation d'identité
Recommendations: Customers advised to monitor for phishing attempts, Company likely reviewing access controls and system segmentationCustomers advised to monitor for phishing attempts, Company likely reviewing access controls and system segmentation
Recommendations: Activer la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphone
Key Lessons Learned: The key lessons learned from past incidents are Nécessité de renforcer les procédures de vérification d'identité pour les transferts de numéro,Importance de la communication proactive avec les clients en cas de risque de fraude,Sensibilisation accrue des utilisateurs aux risques de SIM swapping et d'usurpation d'identité.
Source: Social networking platform X
Source: Orange Belgium Public Statement
Date Accessed: August 2023
Source: Maine Office of the Attorney General
Source: IBPT (Institut Belge des services Postaux et Télécommunications)
Source: Orange Statement
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Social networking platform X, and Source: Orange Belgium Public StatementDate Accessed: August 2023, and Source: Maine Office of the Attorney General, and Source: BloombergDate Accessed: 2025-01-01, and Source: Orange SA spokesperson statementDate Accessed: 2025-08-15, and Source: IBPT (Institut Belge des services Postaux et Télécommunications), and Source: Orange Statement.
Investigation Status: Ongoing (no updates on root cause or relation to Orange Group incident)
Investigation Status: ongoing (as of August 2025)
Investigation Status: Mesures correctives en cours (évaluation périodique par l'IBPT)
Investigation Status: Ongoing
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Posted A Message On The Social Networking Platform X, Public Statement, Customer Notifications Via Email And Text Message, Dedicated Web Page For Phishing Awareness, Advance Notification To Affected Companies, Public Disclosure, Avis Publics Via L'Ibpt, Messages Sms Aux Clients Concernés, Recommandations De Sécurité Générales (Double Authentification, Vigilance Face Aux Messages Suspects), Public statement and customer advisories.
Stakeholder Advisories: Customers Notified Via Email And Text Message.
Customer Advisories: Warning about potential phishing attemptsDedicated web page for guidance
Stakeholder Advisories: Affected Companies Notified In Advance.
Stakeholder Advisories: Avis Public De L'Ibpt Sur Les Risques De Fraude, Recommandations De Sécurité Pour Tous Les Utilisateurs De Services Télécoms.
Customer Advisories: SMS de vérification envoyé depuis le 5000 (particuliers) ou 5995 (professionnels) en cas de demande de transfert de numéroInstructions pour annuler une demande frauduleuse en répondant 'STOP'Conseils généraux de sécurité (double authentification, vigilance)
Customer Advisories: Affected customers informed and supported
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customers Notified Via Email And Text Message, Warning About Potential Phishing Attempts, Dedicated Web Page For Guidance, , Affected Companies Notified In Advance, Avis Public De L'Ibpt Sur Les Risques De Fraude, Recommandations De Sécurité Pour Tous Les Utilisateurs De Services Télécoms, Sms De Vérification Envoyé Depuis Le 5000 (Particuliers) Ou 5995 (Professionnels) En Cas De Demande De Transfert De Numéro, Instructions Pour Annuler Une Demande Frauduleuse En Répondant 'Stop', Conseils Généraux De Sécurité (Double Authentification, Vigilance), and Affected customers informed and supported.
High Value Targets: Business Customer Data,
Data Sold on Dark Web: Business Customer Data,
High Value Targets: Données Clients (Numéros De Téléphone Et Informations Personnelles),
Data Sold on Dark Web: Données Clients (Numéros De Téléphone Et Informations Personnelles),
Corrective Actions: Strengthened Security Measures (Unspecified),
Root Causes: Failles Dans La Protection Des Données Clients, Procédures De Vérification Insuffisantes Pour Les Transferts De Numéro,
Corrective Actions: Ajout D'Un Contrôle Sms Pour Les Transferts De Numéro, Évaluation Périodique Par L'Ibpt, Sensibilisation Des Clients,
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Ibpt (Institut Belge Des Services Postaux Et Télécommunications), .
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Strengthened Security Measures (Unspecified), , Ajout D'Un Contrôle Sms Pour Les Transferts De Numéro, Évaluation Périodique Par L'Ibpt, Sensibilisation Des Clients, .
Last Attacking Group: The attacking group in the last incident were an Nefilim ransomware group, Babuk ransomware gang, Warlock (ransomware-as-a-service group) and Escrocs / Cybercriminels (non identifiés).
Most Recent Incident Detected: The most recent incident detected was on Late July 2023 (exact date unspecified).
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-07-31T00:00:00Z.
Most Recent Incident Resolved: The most recent incident resolved was on 2024-07-30.
Most Significant Data Compromised: The most significant data compromised in an incident were Data from about 20 customers on its virtual hosting service was accessed., Contact Name, Email, Phone Number, Company Name, Solution Name, , customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, other personal information, , Customer names (first and last), Telephone numbers, SIM card numbers, PUK (Personal Unblocking Key) codes, Tariff plans, , Social Security numbers, , business customer data, outdated/low-sensitivity data, , Données personnelles des clients (non précisées), Numéros de téléphone, and No evidence of data extraction.
Most Significant System Affected: The most significant system affected in an incident were IP network coordination centre and An IT system containing customer data and Orange Silicon Valley, LLC (OSV) servers and internal systems and Systèmes informatiques d'Orange Belgium (partiellement)Procédures de transfert de numéro and .
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was ibpt (institut belge des services postaux et télécommunications), .
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems., Identified and neutralised the majority of the unauthorised access, Blocked access to the affected system, Contrôle supplémentaire via SMS de vérification pour les transferts de numéroPossibilité d'annulation par le client en répondant 'STOP', Isolation of potential attack and disruption of services.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were contracts, Telephone numbers, Données personnelles des clients (non précisées), Social Security numbers, Phone Number, employee details, user data, email addresses, outdated/low-sensitivity data, Customer names (first and last), Email, Data from about 20 customers on its virtual hosting service was accessed., other personal information, internal documents, PUK (Personal Unblocking Key) codes, Contact Name, credit cards, messages, source code, Numéros de téléphone, Tariff plans, SIM card numbers, invoices, Company Name, customer records, Solution Name, No evidence of data extraction, call logs and business customer data.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 856.6K.
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Official complaint filed with judicial authorities, , Complaint filed.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Sensibilisation accrue des utilisateurs aux risques de SIM swapping et d'usurpation d'identité.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Activer la double authentification pour les services en ligne, Company likely reviewing access controls and system segmentation, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Limiter la publication d'informations personnelles sur les réseaux sociaux, Customers advised to monitor for phishing attempts, Être vigilant face aux appels ou messages suspects and Surveiller les activités suspectes sur les comptes liés au numéro de téléphone.
Most Recent Source: The most recent source of information about an incident are Social networking platform X, Orange Belgium Public Statement, Bloomberg, Orange Statement, Maine Office of the Attorney General, Orange SA spokesperson statement and IBPT (Institut Belge des services Postaux et Télécommunications).
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (no updates on root cause or relation to Orange Group incident).
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Customers notified via email and text message, affected companies notified in advance, Avis public de l'IBPT sur les risques de fraude, Recommandations de sécurité pour tous les utilisateurs de services télécoms, .
Most Recent Customer Advisory: The most recent customer advisory issued were an Warning about potential phishing attemptsDedicated web page for guidance, SMS de vérification envoyé depuis le 5000 (particuliers) ou 5995 (professionnels) en cas de demande de transfert de numéroInstructions pour annuler une demande frauduleuse en répondant 'STOP'Conseils généraux de sécurité (double authentification, vigilance) and Affected customers informed and supported.
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Failles dans la protection des données clientsProcédures de vérification insuffisantes pour les transferts de numéro.
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Strengthened security measures (unspecified), Ajout d'un contrôle SMS pour les transferts de numéroÉvaluation périodique par l'IBPTSensibilisation des clients.
.png)
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid