Orange
Company Details
Linkedin ID:
orange
Website:
Employees number:
132,461
Number of followers:
1,156,313
NAICS:
517
Industry Type:
Homepage:
orange.com
IP Addresses:
889
Company ID:
ORA_3376334
Scan Status:
Completed
Orange Company CyberSecurity Posture
orange.com
Orange is one of the world’s leading telecommunications operators with revenues of 40.3 billion euros in 2024 and 127,000 employees worldwide at 31 December 2024, including 71,000 employees in France. The Group has a total customer base of 291 million customers worldwide at 31 December 2024, including 253 million mobile customers and 22 million fixed broadband customers. The Group is present in 26 countries. Orange is also a leading provider of global IT and telecommunication services to multinational companies under the brand Orange Business. In February 2023, the Group presented its strategic plan « Lead the future », built on a new business model and guided by responsibility and efficiency. « Lead the future » capitalizes on network excellence to reinforce Orange's leadership in service quality.
Orange A.I CyberSecurity Scoring
Orange Risk Score (AI oriented)Between 0 and 549
Orange
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Orange Global Score (TPRM)XXXX
Orange
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Orange Company CyberSecurity News & History
Past Incidents
10
Attack Types
3
Orange Belgium
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Orange Belgium disclosed a cyberattack discovered in late July 2024, compromising data from **850,000 customer accounts**. The breach exposed non-critical but sensitive personal information, including **names, first names, telephone numbers, SIM card numbers, and PUK (Personal Unblocking Key) codes**—8-digit security codes used to unblock SIM cards. The company confirmed that **no passwords, email addresses, banking, or financial details** were accessed. Upon detection, Orange Belgium blocked access to the affected system, reinforced security measures, and notified relevant authorities, filing an official complaint. Customers were alerted via email and SMS, with warnings to stay vigilant against potential phishing attempts via a dedicated webpage. The attack’s connection to a prior incident at parent company **Orange Group** (detected on July 25, with no confirmed customer data extraction) remains unconfirmed. The nature of the attack (e.g., method, perpetrator) was not disclosed.
Orange Belgium
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: Orange Belgium, a major telecom operator, suffered a cyberattack targeting its IT systems, raising concerns over potential **theft of customer phone numbers**. The attack exposed vulnerabilities where fraudsters could exploit stolen customer data to impersonate legitimate users and **hijack phone numbers via SIM-swap fraud**. Once in control of a victim’s number, attackers could intercept **verification codes** (e.g., for password resets, email, social media, or payment systems), enabling broader fraudulent activities like account takeovers or financial theft. The Belgian telecom regulator (IBPT) responded by mandating an **additional verification step**—sending an SMS alert to customers for any number-transfer requests, allowing them to block unauthorized changes by replying 'STOP'. While no large-scale data breach (e.g., financial or sensitive personal records) was confirmed, the attack **disrupted trust in Orange’s security**, forced operational changes, and posed **reputational and financial risks** due to potential downstream fraud. Customers were urged to enable multi-factor authentication and scrutinize suspicious communications, highlighting the attack’s **secondary impact on user behavior and operational processes**.
Orange
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of a geographical region
Description: The cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France. The cyberattack affected thousands of internet users across Europe amid the Ukraine-Russia war. Nearly 9,000 subscribers were affected by this internet outage.
Orange
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.
Orange
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: French telecommunications company Orange S.A.was targeted by a Nefilim ransomware group which resulted in data loss. The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems. The data from about 20 customers on its virtual hosting service was accessed by those behind the ransomware attack.
Orange
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.
Orange SA
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: A criminal hacking gang, identified as Warlock, executed a ransomware attack on **Orange SA**, a major French telecommunications company, in late July 2025. The attackers breached internal systems, exfiltrating approximately **4 GB of business customer data**, which was later published on the dark web in mid-August. While Orange claimed the stolen data was **outdated or of low sensitivity**, the incident follows prior breaches in 2025, including a July attack on **850,000 customer accounts** in its Belgian division and a separate leak of **employee data in Romania**.The Warlock group, known for leasing ransomware to affiliate hackers, encrypted Orange’s systems and demanded payment for decryption. Orange collaborated with affected companies and authorities, notifying impacted parties before the data’s public release. Telecommunications firms remain high-value targets due to their repositories of **financial, governmental, and corporate communication data**, amplifying risks of reputational damage, regulatory scrutiny, and operational disruption.
Orange Business Services U.S., Inc.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On March 17, 2022, Orange Business Services U.S., Inc. (OBS) discovered a data breach involving unauthorized access to servers belonging to its subsidiary, Orange Silicon Valley, LLC (OSV), which had occurred on January 4, 2022. The incident compromised sensitive personal information of **6,567 individuals**, including **9 Maine residents**, with exposed data including **Social Security numbers (SSNs)**—a high-value target for identity theft and financial fraud. The breach highlights a significant security lapse, as SSNs are critical identifiers that can enable long-term fraud, financial exploitation, and reputational damage for affected individuals. While the exact method of unauthorized access was not detailed, the exposure of such sensitive data suggests a failure in access controls, monitoring, or incident response protocols. The delay between the breach (January 4) and its discovery (March 17)—over **two months**—further exacerbates the risk, as threat actors could have exploited the stolen data during this period. The incident underscores the broader implications for Orange Business Services, including potential **legal liabilities** under data protection laws (e.g., GDPR, state-level breach notification statutes), **regulatory scrutiny**, and **loss of customer trust**. Given the nature of the exposed data, affected individuals face heightened risks of identity theft, phishing attacks, and financial fraud, necessitating credit monitoring and remediation efforts.
Orange Cyberdefense
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Orange Cyberdefense apparently suffered a data breach incident after a popular forum offered data allegedly from their firm. Data in the sample included Contact Name, Email, Phone Number, Company Name, and Solution Name. The listing also offered to sell access to Orange Cyberdefense’s servers.
Orange Cyberdefense: Orange hit by recent cyberattack
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The telecoms giant warned that customers were going to be affected by its response to the attack, however, it did not disclose the incident itself. In a statement, the company said: “At this stage of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard.” The attack took place on Friday 25 July, with the group detecting a cyberattack on its information systems, with Orange Cyberdefense teams mobilising and isolating the potential attack to mitigate the impact. “However, these isolation operations have resulted in the disruption of certain services and management platforms for some of our corporate customers and some consumer services, primarily in France. Our dedicated teams are fully mobilised to inform and support affected customers,” Orange stated. “Our teams have identified and are implementing solutions that will allow, under heightened vigilance, the gradual reopening of the main impacted services by Wednesday morning [30 July]. It added that a complaint has been filed and the relevant authorities have been alerted. “At this stae of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard,” it added. The attack follows Orange confirming earlier this year that it experienced a separate cyber attack in March. At the time, a member of the HellCat ransomware group, known as Rey, gained access to a “non-c
Orange Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Orange
Incidents vs Telecommunications Industry Average (This Year)
Orange has 289.61% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Orange has 289.61% more incidents than the average of all companies with at least one recorded incident.
Incident Types Orange vs Telecommunications Industry Avg (This Year)
Orange reported 3 incidents this year: 1 cyber attacks, 2 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Orange (X = Date, Y = Severity)
Orange cyber incidents detection timeline including parent company and subsidiaries
Orange Company Subsidiaries
Orange is one of the world’s leading telecommunications operators with revenues of 40.3 billion euros in 2024 and 127,000 employees worldwide at 31 December 2024, including 71,000 employees in France. The Group has a total customer base of 291 million customers worldwide at 31 December 2024, including 253 million mobile customers and 22 million fixed broadband customers. The Group is present in 26 countries. Orange is also a leading provider of global IT and telecommunication services to multinational companies under the brand Orange Business. In February 2023, the Group presented its strategic plan « Lead the future », built on a new business model and guided by responsibility and efficiency. « Lead the future » capitalizes on network excellence to reinforce Orange's leadership in service quality.
Loading...
Orange Similar Companies
TIM Brasil
A TIM é a empresa de telefonia móvel que mais cresce no Brasil. Atualmente, possui mais de 13 mil colaboradores em todo o país que trabalham entregando serviços inovadores e de qualidade em telefonia móvel, fixa e internet banda larga. É uma companhia feita de pessoas criativas, com energia real
Zain Group
Zain Group is a leading provider of innovative ICT technologies & digital lifestyle communications operating in 8 markets across the Middle East & Africa, serving 50.9 million active customers as of 30 June 2025. Zain provides mobile voice, data and B2B services in: Kuwait, Bahrain, Iraq, Jordan, Sa
Bharti Enterprises
Bharti Enterprises is one of India’s leading business group with diversified interests in telecom, financial services, real estate, hospitality, agri and food. Bharti has been a pioneering force in the Indian telecom sector with many firsts and innovations to its credit. Bharti Airtel, the group's
Welkom bij de LinkedIn pagina van KPN. Sinds jaar en dag maakt KPN technologie toegankelijk. Hier leest u alles over de ontwikkelingen rondom de thema’s die KPN belangrijk vindt, zoals Het Nieuwe Leven & Werken, Veiligheid & Privacy en ICT-infrastructuur. Ook een transparante en betrouwbare dienstve
MTS Group
Mobile TeleSystems OJSC ("MTS") is the leading telecommunications group in Russia, Eastern Europe and Central Asia, offering mobile and fixed voice, broadband, pay TV as well as content and entertainment services in one of the world's fastest growing regions. Including its subsidiaries, as of Decemb
Globe is a leading full-service telecommunications company in the Philippines and publicly listed in the PSE with the stock symbol GLO. The company serves the telecommunications and technology needs of consumers and businesses across an entire suite of products and services including mobile, fixed,
TELUS
At TELUS, our purpose-driven team works together every day to innovate and do good. From providing technology solutions that make our lives safer and easier, to supporting those who need it most, our inclusive, spirited and giving people are passionate about empowering our customers, communities and
MEGACABLE
Mega es una empresa cien por ciento mexicana y líder en el sector de Telecomunicaciones, tenemos 45 años de servicio y casi 5 millones de suscriptores a quienes les ofrecemos los servicios de TV, internet, telefonía digital y móvil. Estamos en constante crecimiento, hoy en día tenemos presenci
Telecom Argentina
We are Telecom Argentina, a connectivity solutions and entertainment company with over 23,000 collaborators throughout the country. We transform the digital experience of our over 28 million customers providing them a secure, flexible and dynamic service on all of their devices, with high speed mobi
.png)
Orange CyberSecurity News
November 26, 2025 01:05 PM
Orange Jordan Reaffirms Its Commitment to Secure Digital Transformation by Supporting the C8 2025 Cybersecurity Advancement, Innovation, and Technology Conference - الأنباط
Orange Jordan announced its participation in The C8 2025 Conference and Exhibition on Cybersecurity Advancement, Innovation, and Technology, held under the...
November 24, 2025 11:53 AM
Orange Jordan Reaffirms Its Commitment to Secure Digital Transformation by Supporting the C8 2025 Cybersecurity Advancement, Innovation, and Technology Conference
Orange Jordan announced its participation in The C8 2025 Conference and Exhibition on Cybersecurity Advancement, Innovation, and Technology,...
November 20, 2025 08:00 AM
École Polytechnique partners with Orange to support cybersecurity and AI research
École Polytechnique and Orange have outlined priorities for the partnership including the creation of a joint center of excellence bringing...
November 20, 2025 08:00 AM
École Polytechnique accelerates in sovereign technologies in AI and cybersecurity with Orange Group
École Polytechnique and Orange Group have signed a strategic partnership to strengthen research, innovation, and training in artificial...
November 19, 2025 09:00 AM
Orange and École Polytechnique join forces to develop sovereign technologi…
Orange and École Polytechnique announce the signing of a strategic partnership aimed at strengthening research, innovation, and education in...
November 17, 2025 08:00 AM
Cyan AG and Orange Réunion Mayotte partner to launch new cybersecurity service in Réunion and Mayotte for B2B and B2C customers
EQS-News: cyan AG / Key word: Alliance/Contract cyan AG and Orange Réunion Mayotte partner to launch new cybersecurity service in Réunion...
November 17, 2025 07:00 AM
Cyan AG and Orange Reunion Mayotte Partner to Launch New Cybersecurity Service in Reunion and Mayotte for B2B and B2C Customers
cyan AG is joining forces with Orange Reunion Mayotte to strengthen the digital safety of Orange Reunion's subscribers.
October 20, 2025 07:00 AM
Orange Jordan sponsors “X META CTF” Hackathon to enhance youth cybersecurity skills
Orange Jordan expressed pride in sponsoring the hackathon, emphasizing that supporting youth in cybersecurity and developing their skills forms...
October 14, 2025 07:00 AM
European digital sovereignty: Orange steps up in the face of growing threats
As technological dependence grows and cyber threats multiply, the European Union has made digital sovereignty a top strategic priority.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Orange CyberSecurity History Information
Official Website of Orange
The official website of Orange is https://www.orange.com.
Orange’s AI-Generated Cybersecurity Score
According to Rankiteo, Orange’s AI-generated cybersecurity score is 537, reflecting their Critical security posture.
How many security badges does Orange’ have ?
According to Rankiteo, Orange currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Orange have SOC 2 Type 1 certification ?
According to Rankiteo, Orange is not certified under SOC 2 Type 1.
Does Orange have SOC 2 Type 2 certification ?
According to Rankiteo, Orange does not hold a SOC 2 Type 2 certification.
Does Orange comply with GDPR ?
According to Rankiteo, Orange is not listed as GDPR compliant.
Does Orange have PCI DSS certification ?
According to Rankiteo, Orange does not currently maintain PCI DSS compliance.
Does Orange comply with HIPAA ?
According to Rankiteo, Orange is not compliant with HIPAA regulations.
Does Orange have ISO 27001 certification ?
According to Rankiteo,Orange is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Orange
Orange operates primarily in the Telecommunications industry.
Number of Employees at Orange
Orange employs approximately 132,461 people worldwide.
Subsidiaries Owned by Orange
Orange presently has no subsidiaries across any sectors.
Orange’s LinkedIn Followers
Orange’s official LinkedIn profile has approximately 1,156,313 followers.
NAICS Classification of Orange
Orange is classified under the NAICS code 517, which corresponds to Telecommunications.
Orange’s Presence on Crunchbase
Yes, Orange has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/orange.
Orange’s Presence on LinkedIn
Yes, Orange maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/orange.
Cybersecurity Incidents Involving Orange
As of December 11, 2025, Rankiteo reports that Orange has experienced 10 cybersecurity incidents.
Number of Peer and Competitor Companies
Orange has an estimated 9,686 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Orange ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Ransomware and Breach.
How does Orange detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems., and containment measures with identified and neutralised the majority of the unauthorised access, and communication strategy with posted a message on the social networking platform x, and and and containment measures with blocked access to the affected system, and remediation measures with strengthened security measures, and communication strategy with public statement, communication strategy with customer notifications via email and text message, communication strategy with dedicated web page for phishing awareness, and and and remediation measures with collaboration with affected companies, remediation measures with coordination with authorities, and communication strategy with advance notification to affected companies, communication strategy with public disclosure, and incident response plan activated with oui (mesures approuvées par l'ibpt), and third party assistance with ibpt (institut belge des services postaux et télécommunications), and containment measures with contrôle supplémentaire via sms de vérification pour les transferts de numéro, containment measures with possibilité d'annulation par le client en répondant 'stop', and remediation measures with évaluation périodique de la mesure par l'ibpt, remediation measures with adaptation si nécessaire, and communication strategy with avis publics via l'ibpt, communication strategy with messages sms aux clients concernés, communication strategy with recommandations de sécurité générales (double authentification, vigilance face aux messages suspects), and incident response plan activated with yes, and law enforcement notified with yes, and containment measures with isolation of potential attack, disruption of services, and remediation measures with gradual reopening of impacted services under heightened vigilance, and recovery measures with solutions implemented for service restoration by 2024-07-30, and communication strategy with public statement, customer advisories..
Incident Details
Can you provide details on each incident ?
Title: Cyber Attack on Orange and Nordnet
Description: Cyber attackers targeted Orange and its subsidiary internet provider Nordnet in France, affecting thousands of internet users across Europe amid the Ukraine-Russia war.
Type: Cyber Attack
Title: Orange S.A. Nefilim Ransomware Attack
Description: French telecommunications company Orange S.A. was targeted by a Nefilim ransomware group which resulted in data loss.
Type: Ransomware
Threat Actor: Nefilim ransomware group
Title: Data Breach at Orange Cyberdefense
Description: Orange Cyberdefense suffered a data breach incident after a popular forum offered data allegedly from their firm. The data in the sample included Contact Name, Email, Phone Number, Company Name, and Solution Name. The listing also offered to sell access to Orange Cyberdefense’s servers.
Type: Data Breach
Motivation: Data Theft, Financial Gain
Title: Hack Targeting Orange's Spanish Business
Description: An unknown number of consumers were unable to access specific websites as a result of a hack that targeted Orange's Spanish business, a telecom operator. Orange successfully identified and neutralised the majority of the unauthorised access to its IP network coordination centre. The French corporation said that there was no risk to client data in a message posted on the social networking platform X.
Type: Hack
Title: Orange Telecommunications Breach by Babuk Ransomware
Description: Major telecommunications provider Orange suffered a severe security breach by the Babuk ransomware gang, resulting in the theft of 4.5 TB of sensitive data. The compromised data includes customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, and other personal information. This cyberattack has put both customers and the company at significant risk, impacting the confidentiality, integrity, and availability of valuable data.
Type: Data Breach, Ransomware
Threat Actor: Babuk ransomware gang
Title: Orange Belgium Cyberattack Compromising Customer Data
Description: Orange Belgium announced a cyberattack discovered at the end of July 2023 that compromised data from 850,000 customer accounts. The hacker accessed an IT system containing non-critical customer data, including names, telephone numbers, SIM card numbers, PUK codes, and tariff plans. The company blocked access to the affected system, strengthened security measures, and alerted authorities. Customers were notified via email and text message and advised to watch for phishing attempts.
Date Detected: Late July 2023 (exact date unspecified)
Date Publicly Disclosed: Wednesday, August 2, 2023 (approximate, based on announcement timing)
Type: Data Breach
Title: Orange Business Services U.S., Inc. Data Breach (2022)
Description: The Maine Office of the Attorney General reported that on March 17, 2022, Orange Business Services U.S., Inc. (OBS) learned of a data breach involving unauthorized access to several Orange Silicon Valley, LLC (OSV) servers, which occurred on January 4, 2022. The breach affected 6,567 individuals, including 9 residents of Maine, whose information included Social Security numbers.
Date Detected: 2022-03-17
Type: Data Breach
Title: Ransomware Hack Hits Orange Telecom, Data Published on Dark Web
Description: A criminal hacking gang (Warlock) stole business customer data from French telecommunications company Orange SA and published ~4GB of data on the dark web in mid-August 2025. The breach was disclosed to authorities in late July 2025. Orange confirmed the data was outdated or low-sensitivity and had informed affected companies in advance. This follows separate incidents in July (Belgian customer data breach) and another involving employee data in Romania published on the dark web.
Date Detected: 2025-07-01T00:00:00Z
Date Publicly Disclosed: 2025-07-31T00:00:00Z
Type: ransomware
Attack Vector: ransomware (Warlock)system compromise
Threat Actor: Warlock (ransomware-as-a-service group)
Motivation: financial gaindata theft
Title: Cyberattaque ciblant Orange Belgium avec risque de vol de numéros de téléphone
Description: Une cyberattaque a visé les systèmes informatiques d'Orange Belgium, entraînant un risque de vol de numéros de téléphone par des escrocs utilisant des données personnelles de clients pour usurper leur identité. L'IBPT (Institut Belge des services Postaux et Télécommunications) a approuvé une mesure de contrôle supplémentaire : un SMS de vérification envoyé aux clients en cas de demande de transfert de numéro, permettant d'annuler la demande en répondant 'STOP' si elle est frauduleuse. Le message est envoyé depuis le numéro 5000 (particuliers) ou 5995 (professionnels).
Type: Cyberattaque
Attack Vector: Exploitation de données personnelles voléesIngénierie socialeSIM swapping
Vulnerability Exploited: Faiblesse dans les procédures de vérification d'identitéAccès non autorisé aux données clients
Threat Actor: Escrocs / Cybercriminels (non identifiés)
Motivation: Fraude financièreVol d'identitéAccès non autorisé à des comptes en ligne
Title: Cyberattack on Orange Information Systems
Description: Orange detected a cyberattack on its information systems, leading to the isolation of potential threats and disruption of certain services for corporate and consumer customers, primarily in France. No evidence of data extraction was found at the time of the investigation.
Date Detected: 2024-07-25
Date Resolved: 2024-07-30
Type: Cyberattack
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyber Attack ORA2548322
Systems Affected: Internet Services
Incident : Ransomware ORA2911822
Data Compromised: Data from about 20 customers on its virtual hosting service was accessed.
Incident : Data Breach ORA2131141122
Data Compromised: Contact name, Email, Phone number, Company name, Solution name
Incident : Hack ORA214221124
Systems Affected: IP network coordination centre
Operational Impact: Consumers unable to access specific websites
Incident : Data Breach, Ransomware ORA625031825
Data Compromised: Customer records, Email addresses, User data, Source code, Invoices, Internal documents, Contracts, Employee details, Credit cards, Messages, Call logs, Other personal information
Incident : Data Breach ORA529082025
Data Compromised: Customer names (first and last), Telephone numbers, Sim card numbers, Puk (personal unblocking key) codes, Tariff plans
Systems Affected: An IT system containing customer data
Brand Reputation Impact: Potential risk due to exposure of customer data and phishing warnings
Identity Theft Risk: Low (no critical data like passwords, emails, or financial details compromised, but PUK codes could enable SIM swapping)
Payment Information Risk: None (no banking or financial details exposed)
Incident : Data Breach ORA957082125
Data Compromised: Social security numbers
Systems Affected: Orange Silicon Valley, LLC (OSV) servers
Identity Theft Risk: High (Social Security numbers exposed)
Incident : ransomware ORA751082525
Data Compromised: Business customer data, Outdated/low-sensitivity data
Systems Affected: internal systems
Operational Impact: limited
Brand Reputation Impact: moderate (public disclosure of breach)
Identity Theft Risk: low (data described as outdated/low-sensitivity)
Incident : Cyberattaque ORA814090225
Data Compromised: Données personnelles des clients (non précisées), Numéros de téléphone
Systems Affected: Systèmes informatiques d'Orange Belgium (partiellement)Procédures de transfert de numéro
Operational Impact: Renforcement des contrôles de sécurité pour les transferts de numéroCommunication accrue avec les clients
Brand Reputation Impact: Risque de perte de confiance des clientsNécéssité de mesures correctives publiques
Identity Theft Risk: ["Élevé (vol de numéros de téléphone pour usurpation d'identité)"]
Payment Information Risk: ["Risque accru via l'accès aux codes de vérification envoyés par SMS"]
Incident : Cyberattack ORA1764727825
Data Compromised: No evidence of data extraction
Systems Affected: Information systems, management platforms
Downtime: Disruption of services until 2024-07-30
Operational Impact: Disruption of corporate and consumer services, primarily in France
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Contact Name, Email, Phone Number, Company Name, Solution Name, , Customer Records, Email Addresses, User Data, Source Code, Invoices, Internal Documents, Contracts, Employee Details, Credit Cards, Messages, Call Logs, Other Personal Information, , Personal Data (Names, Telephone Numbers), Sim-Related Data (Sim Card Numbers, Puk Codes), Service Data (Tariff Plans), , Personally Identifiable Information (Pii), , Business Customer Data, Outdated Data, Low-Sensitivity Data, , Données Personnelles (Non Détaillées), Numéros De Téléphone and .
Which entities were affected by each incident ?
Incident : Cyber Attack ORA2548322
Entity Name: Orange
Entity Type: Company
Industry: Telecommunications
Location: France
Customers Affected: 9000
Incident : Cyber Attack ORA2548322
Entity Name: Nordnet
Entity Type: Company
Industry: Internet Service Provider
Location: France
Customers Affected: 9000
Incident : Ransomware ORA2911822
Entity Name: Orange S.A.
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: France
Customers Affected: 20
Incident : Data Breach ORA2131141122
Entity Name: Orange Cyberdefense
Entity Type: Company
Industry: Cybersecurity
Incident : Hack ORA214221124
Entity Name: Orange
Entity Type: Telecom Operator
Industry: Telecommunications
Location: Spain
Customers Affected: Unknown number
Incident : Data Breach, Ransomware ORA625031825
Entity Name: Orange
Entity Type: Telecommunications provider
Industry: Telecommunications
Incident : Data Breach ORA529082025
Entity Name: Orange Belgium
Entity Type: Telecommunications Provider
Industry: Telecommunications
Location: Belgium
Customers Affected: 850,000
Incident : Data Breach ORA957082125
Entity Name: Orange Business Services U.S., Inc. (OBS)
Entity Type: Corporation
Industry: Telecommunications / IT Services
Location: United States
Customers Affected: 6,567 individuals (including 9 Maine residents)
Incident : Data Breach ORA957082125
Entity Name: Orange Silicon Valley, LLC (OSV)
Entity Type: Subsidiary
Industry: Telecommunications / IT Services
Location: Silicon Valley, California, USA
Incident : ransomware ORA751082525
Entity Name: Orange SA
Entity Type: telecommunications
Industry: telecommunications
Location: France (HQ: Paris)
Size: large enterprise
Incident : ransomware ORA751082525
Entity Name: Orange Belgium
Entity Type: subsidiary
Industry: telecommunications
Location: Belgium
Customers Affected: 850,000 (separate incident in July 2025)
Incident : ransomware ORA751082525
Entity Name: Orange Romania
Entity Type: subsidiary
Industry: telecommunications
Location: Romania
Incident : Cyberattaque ORA814090225
Entity Name: Orange Belgium
Entity Type: Opérateur télécom
Industry: Télécommunications
Location: Belgique
Customers Affected: Clients particuliers et professionnels (nombre non précisé)
Incident : Cyberattack ORA1764727825
Entity Name: Orange
Entity Type: Telecoms
Industry: Telecommunications
Location: France
Customers Affected: Corporate customers and some consumer services
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware ORA2911822
Containment Measures: The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems.
Incident : Hack ORA214221124
Containment Measures: Identified and neutralised the majority of the unauthorised access
Communication Strategy: Posted a message on the social networking platform X
Incident : Data Breach ORA529082025
Incident Response Plan Activated: True
Containment Measures: Blocked access to the affected system
Remediation Measures: Strengthened security measures
Communication Strategy: Public statementCustomer notifications via email and text messageDedicated web page for phishing awareness
Incident : ransomware ORA751082525
Incident Response Plan Activated: True
Remediation Measures: collaboration with affected companiescoordination with authorities
Communication Strategy: advance notification to affected companiespublic disclosure
Incident : Cyberattaque ORA814090225
Incident Response Plan Activated: Oui (mesures approuvées par l'IBPT)
Third Party Assistance: Ibpt (Institut Belge Des Services Postaux Et Télécommunications).
Containment Measures: Contrôle supplémentaire via SMS de vérification pour les transferts de numéroPossibilité d'annulation par le client en répondant 'STOP'
Remediation Measures: Évaluation périodique de la mesure par l'IBPTAdaptation si nécessaire
Communication Strategy: Avis publics via l'IBPTMessages SMS aux clients concernésRecommandations de sécurité générales (double authentification, vigilance face aux messages suspects)
Incident : Cyberattack ORA1764727825
Incident Response Plan Activated: Yes
Law Enforcement Notified: Yes
Containment Measures: Isolation of potential attack, disruption of services
Remediation Measures: Gradual reopening of impacted services under heightened vigilance
Recovery Measures: Solutions implemented for service restoration by 2024-07-30
Communication Strategy: Public statement, customer advisories
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Oui (mesures approuvées par l'IBPT), Yes.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through IBPT (Institut Belge des services Postaux et Télécommunications), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ORA2131141122
Type of Data Compromised: Contact name, Email, Phone number, Company name, Solution name
Personally Identifiable Information: Contact NameEmailPhone Number
Incident : Data Breach, Ransomware ORA625031825
Type of Data Compromised: Customer records, Email addresses, User data, Source code, Invoices, Internal documents, Contracts, Employee details, Credit cards, Messages, Call logs, Other personal information
Sensitivity of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes
Incident : Data Breach ORA529082025
Type of Data Compromised: Personal data (names, telephone numbers), Sim-related data (sim card numbers, puk codes), Service data (tariff plans)
Number of Records Exposed: 850,000
Sensitivity of Data: Moderate (no critical data like passwords or financial details, but PUK codes are sensitive)
Personally Identifiable Information: NamesTelephone numbers
Incident : Data Breach ORA957082125
Type of Data Compromised: Personally identifiable information (pii)
Number of Records Exposed: 6,567
Sensitivity of Data: High
Data Exfiltration: Yes (unauthorized access)
Personally Identifiable Information: Social Security numbers
Incident : ransomware ORA751082525
Type of Data Compromised: Business customer data, Outdated data, Low-sensitivity data
Sensitivity of Data: low
Data Encryption: True
Incident : Cyberattaque ORA814090225
Type of Data Compromised: Données personnelles (non détaillées), Numéros de téléphone
Sensitivity of Data: Élevée (risque d'usurpation d'identité et de fraude)
Data Exfiltration: Probable (utilisation des données par des escrocs)
Personally Identifiable Information: Numéros de téléphoneAutres données personnelles (non spécifiées)
Incident : Cyberattack ORA1764727825
Data Exfiltration: No evidence of data extraction
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Strengthened security measures, , collaboration with affected companies, coordination with authorities, , Évaluation périodique de la mesure par l'IBPT, Adaptation si nécessaire, , Gradual reopening of impacted services under heightened vigilance.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by the company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems., identified and neutralised the majority of the unauthorised access, , blocked access to the affected system, , contrôle supplémentaire via sms de vérification pour les transferts de numéro, possibilité d'annulation par le client en répondant 'stop', , isolation of potential attack and disruption of services.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware ORA2911822
Ransomware Strain: Nefilim
Incident : ransomware ORA751082525
Ransomware Strain: Warlock
Data Encryption: True
Data Exfiltration: True
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Solutions implemented for service restoration by 2024-07-30.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach ORA529082025
Legal Actions: Official complaint filed with judicial authorities,
Regulatory Notifications: Relevant authorities alerted
Incident : Data Breach ORA957082125
Regulatory Notifications: Maine Office of the Attorney General
Incident : ransomware ORA751082525
Regulatory Notifications: French national authorities (disclosed late July 2025)
Incident : Cyberattaque ORA814090225
Regulatory Notifications: Notification et collaboration avec l'IBPT pour les mesures correctives
Incident : Cyberattack ORA1764727825
Legal Actions: Complaint filed
Regulatory Notifications: Relevant authorities alerted
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Official complaint filed with judicial authorities, , Complaint filed.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Cyberattaque ORA814090225
Lessons Learned: Nécessité de renforcer les procédures de vérification d'identité pour les transferts de numéro, Importance de la communication proactive avec les clients en cas de risque de fraude, Sensibilisation accrue des utilisateurs aux risques de SIM swapping et d'usurpation d'identité
What recommendations were made to prevent future incidents ?
Incident : Data Breach ORA529082025
Recommendations: Customers advised to monitor for phishing attempts, Company likely reviewing access controls and system segmentationCustomers advised to monitor for phishing attempts, Company likely reviewing access controls and system segmentation
Incident : Cyberattaque ORA814090225
Recommendations: Activer la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphoneActiver la double authentification pour les services en ligne, Limiter la publication d'informations personnelles sur les réseaux sociaux, Être vigilant face aux appels ou messages suspects, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Surveiller les activités suspectes sur les comptes liés au numéro de téléphone
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Nécessité de renforcer les procédures de vérification d'identité pour les transferts de numéro,Importance de la communication proactive avec les clients en cas de risque de fraude,Sensibilisation accrue des utilisateurs aux risques de SIM swapping et d'usurpation d'identité.
References
Where can I find more information about each incident ?
Incident : Hack ORA214221124
Source: Social networking platform X
Incident : Data Breach ORA529082025
Source: Orange Belgium Public Statement
Date Accessed: August 2023
Incident : Data Breach ORA957082125
Source: Maine Office of the Attorney General
Incident : Cyberattaque ORA814090225
Source: IBPT (Institut Belge des services Postaux et Télécommunications)
Incident : Cyberattack ORA1764727825
Source: Orange Statement
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Social networking platform X, and Source: Orange Belgium Public StatementDate Accessed: August 2023, and Source: Maine Office of the Attorney General, and Source: BloombergDate Accessed: 2025-01-01, and Source: Orange SA spokesperson statementDate Accessed: 2025-08-15, and Source: IBPT (Institut Belge des services Postaux et Télécommunications), and Source: Orange Statement.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach ORA529082025
Investigation Status: Ongoing (no updates on root cause or relation to Orange Group incident)
Incident : ransomware ORA751082525
Investigation Status: ongoing (as of August 2025)
Incident : Cyberattaque ORA814090225
Investigation Status: Mesures correctives en cours (évaluation périodique par l'IBPT)
Incident : Cyberattack ORA1764727825
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Posted A Message On The Social Networking Platform X, Public Statement, Customer Notifications Via Email And Text Message, Dedicated Web Page For Phishing Awareness, Advance Notification To Affected Companies, Public Disclosure, Avis Publics Via L'Ibpt, Messages Sms Aux Clients Concernés, Recommandations De Sécurité Générales (Double Authentification, Vigilance Face Aux Messages Suspects), Public statement and customer advisories.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach ORA529082025
Stakeholder Advisories: Customers Notified Via Email And Text Message.
Customer Advisories: Warning about potential phishing attemptsDedicated web page for guidance
Incident : ransomware ORA751082525
Stakeholder Advisories: Affected Companies Notified In Advance.
Incident : Cyberattaque ORA814090225
Stakeholder Advisories: Avis Public De L'Ibpt Sur Les Risques De Fraude, Recommandations De Sécurité Pour Tous Les Utilisateurs De Services Télécoms.
Customer Advisories: SMS de vérification envoyé depuis le 5000 (particuliers) ou 5995 (professionnels) en cas de demande de transfert de numéroInstructions pour annuler une demande frauduleuse en répondant 'STOP'Conseils généraux de sécurité (double authentification, vigilance)
Incident : Cyberattack ORA1764727825
Customer Advisories: Affected customers informed and supported
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customers Notified Via Email And Text Message, Warning About Potential Phishing Attempts, Dedicated Web Page For Guidance, , Affected Companies Notified In Advance, Avis Public De L'Ibpt Sur Les Risques De Fraude, Recommandations De Sécurité Pour Tous Les Utilisateurs De Services Télécoms, Sms De Vérification Envoyé Depuis Le 5000 (Particuliers) Ou 5995 (Professionnels) En Cas De Demande De Transfert De Numéro, Instructions Pour Annuler Une Demande Frauduleuse En Répondant 'Stop', Conseils Généraux De Sécurité (Double Authentification, Vigilance), and Affected customers informed and supported.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : ransomware ORA751082525
High Value Targets: Business Customer Data,
Data Sold on Dark Web: Business Customer Data,
Incident : Cyberattaque ORA814090225
High Value Targets: Données Clients (Numéros De Téléphone Et Informations Personnelles),
Data Sold on Dark Web: Données Clients (Numéros De Téléphone Et Informations Personnelles),
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach ORA529082025
Corrective Actions: Strengthened Security Measures (Unspecified),
Incident : Cyberattaque ORA814090225
Root Causes: Failles Dans La Protection Des Données Clients, Procédures De Vérification Insuffisantes Pour Les Transferts De Numéro,
Corrective Actions: Ajout D'Un Contrôle Sms Pour Les Transferts De Numéro, Évaluation Périodique Par L'Ibpt, Sensibilisation Des Clients,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Ibpt (Institut Belge Des Services Postaux Et Télécommunications), .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Strengthened Security Measures (Unspecified), , Ajout D'Un Contrôle Sms Pour Les Transferts De Numéro, Évaluation Périodique Par L'Ibpt, Sensibilisation Des Clients, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Nefilim ransomware group, Babuk ransomware gang, Warlock (ransomware-as-a-service group) and Escrocs / Cybercriminels (non identifiés).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on Late July 2023 (exact date unspecified).
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-07-31T00:00:00Z.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2024-07-30.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Data from about 20 customers on its virtual hosting service was accessed., Contact Name, Email, Phone Number, Company Name, Solution Name, , customer records, email addresses, user data, source code, invoices, internal documents, contracts, employee details, credit cards, messages, call logs, other personal information, , Customer names (first and last), Telephone numbers, SIM card numbers, PUK (Personal Unblocking Key) codes, Tariff plans, , Social Security numbers, , business customer data, outdated/low-sensitivity data, , Données personnelles des clients (non précisées), Numéros de téléphone, and No evidence of data extraction.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident were IP network coordination centre and An IT system containing customer data and Orange Silicon Valley, LLC (OSV) servers and internal systems and Systèmes informatiques d'Orange Belgium (partiellement)Procédures de transfert de numéro and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was ibpt (institut belge des services postaux et télécommunications), .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were The company's security team was mobilized to identify the origin of the attack and put in place all necessary solutions required to ensure the security of its systems., Identified and neutralised the majority of the unauthorised access, Blocked access to the affected system, Contrôle supplémentaire via SMS de vérification pour les transferts de numéroPossibilité d'annulation par le client en répondant 'STOP', Isolation of potential attack and disruption of services.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were contracts, Telephone numbers, Données personnelles des clients (non précisées), Social Security numbers, Phone Number, employee details, user data, email addresses, outdated/low-sensitivity data, Customer names (first and last), Email, Data from about 20 customers on its virtual hosting service was accessed., other personal information, internal documents, PUK (Personal Unblocking Key) codes, Contact Name, credit cards, messages, source code, Numéros de téléphone, Tariff plans, SIM card numbers, invoices, Company Name, customer records, Solution Name, No evidence of data extraction, call logs and business customer data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 856.6K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Official complaint filed with judicial authorities, , Complaint filed.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Sensibilisation accrue des utilisateurs aux risques de SIM swapping et d'usurpation d'identité.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Activer la double authentification pour les services en ligne, Company likely reviewing access controls and system segmentation, Répondre 'STOP' aux SMS de vérification non sollicités pour les transferts de numéro, Limiter la publication d'informations personnelles sur les réseaux sociaux, Customers advised to monitor for phishing attempts, Être vigilant face aux appels ou messages suspects and Surveiller les activités suspectes sur les comptes liés au numéro de téléphone.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Social networking platform X, Orange Belgium Public Statement, Bloomberg, Orange Statement, Maine Office of the Attorney General, Orange SA spokesperson statement and IBPT (Institut Belge des services Postaux et Télécommunications).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (no updates on root cause or relation to Orange Group incident).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Customers notified via email and text message, affected companies notified in advance, Avis public de l'IBPT sur les risques de fraude, Recommandations de sécurité pour tous les utilisateurs de services télécoms, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Warning about potential phishing attemptsDedicated web page for guidance, SMS de vérification envoyé depuis le 5000 (particuliers) ou 5995 (professionnels) en cas de demande de transfert de numéroInstructions pour annuler une demande frauduleuse en répondant 'STOP'Conseils généraux de sécurité (double authentification, vigilance) and Affected customers informed and supported.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Failles dans la protection des données clientsProcédures de vérification insuffisantes pour les transferts de numéro.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Strengthened security measures (unspecified), Ajout d'un contrôle SMS pour les transferts de numéroÉvaluation périodique par l'IBPTSensibilisation des clients.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=orange' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
