CyberHappenings logo
☰
🏠 Home πŸ“‚ Browse ℹ️ About

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Orange Belgium Data Breach Exposes Customer Information

First reported
Last updated
πŸ“° 1 unique sources, 1 articles

Summary

Hide β–²

Orange Belgium, a telecommunications subsidiary of the Orange Group, disclosed a data breach impacting approximately 850,000 customers. The breach occurred in July 2025, compromising customer account information, including names, telephone numbers, SIM card numbers, PUK codes, and tariff plans. The attackers did not access passwords, email addresses, or financial information. Orange Belgium is notifying affected customers and advising them to remain vigilant against potential fraud. The breach is unrelated to recent cyberattacks targeting telecom companies worldwide, including a separate incident affecting Orange Group's French customers in July 2025. Orange Belgium has not named the threat group responsible due to an ongoing investigation.

Timeline

  1. 21.08.2025 10:07 πŸ“° 1 articles Β· ⏱ 26d ago

    Orange Belgium Data Breach Disclosed

    On August 21, 2025, Orange Belgium disclosed a data breach impacting approximately 850,000 customers. The breach occurred in late July 2025, compromising customer account information, including names, telephone numbers, SIM card numbers, PUK codes, and tariff plans. The attackers did not access passwords, email addresses, or financial information. Orange Belgium is notifying affected customers and advising them to remain vigilant against potential fraud.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Ransomware Attack on Pennsylvania Attorney General's Office

The Pennsylvania Attorney General's Office suffered a ransomware attack that has caused a three-week service outage. The attack encrypted files, disrupting systems and services, including the public website, email accounts, and landline phones. The office refused to pay the ransom. The investigation is ongoing, and the extent of data exfiltration is unknown. The attack began on August 11, 2025. The office is partially recovering services, but the website remains inaccessible. Courts have issued time extensions for ongoing cases. The impact on criminal prosecutions, investigations, or civil proceedings is expected to be minimal.

Open in new tab

UNC6395 Exploits Salesloft OAuth Tokens to Exfiltrate Salesforce Data

UNC6395 exploited Salesloft OAuth tokens to exfiltrate data from Salesforce instances. The campaign, active from August 8 to 18, 2025, targeted over 700 organizations, exporting credentials and sensitive information. Zscaler, Palo Alto Networks, Cloudflare, Google, PagerDuty, Proofpoint, SpyCloud, Tanium, and Workiva were impacted by the breach, exposing customer information. Salesloft and Salesforce have taken remediation steps, and the threat actor demonstrated operational security awareness. The breach involved exporting large volumes of data from Salesforce instances, including AWS access keys, passwords, and Snowflake tokens. The actor deleted query jobs to cover tracks. Salesloft has revoked connections and advised customers to re-authenticate Salesforce integrations. The campaign may indicate a broader supply chain attack strategy. Salesloft has engaged Mandiant and Coalition for investigation and remediation. Drift customers are urged to update API keys for connected integrations. Salesforce removed the Drift application from the Salesforce AppExchange until further notice. Google has revealed that the campaign impacts all integrations, including Google Workspace email accounts, and has taken steps to mitigate the risk. Salesloft is temporarily taking Drift offline to review the application and build additional security measures. Okta successfully prevented a breach of its Salesforce instance by enforcing inbound IP restrictions, securing tokens with DPoP, and using the IPSIE framework. Okta recommends that organizations demand IPSIE integration from application vendors and implement an identity security fabric unified across applications.

Open in new tab

Farmers Insurance data breach via compromised Salesforce vendor

Farmers Insurance disclosed a data breach affecting 1.1 million customers. The breach occurred on May 29, 2025, when an unauthorized actor accessed a third-party vendor's database containing customer information. The vendor, identified as Salesforce, was targeted by threat actors classified as UNC6040 or UNC6240, who used social engineering and voice phishing (vishing) to gain access. The stolen data includes names, addresses, dates of birth, driver's license numbers, and the last four digits of Social Security numbers. Farmers Insurance began notifying impacted individuals on August 22, 2025. The breach was discovered on May 30, 2025, and the vendor had monitoring tools that detected the suspicious activity and took containment measures. Farmers Insurance launched a comprehensive investigation and is providing affected individuals with two years of complimentary identity monitoring services.

Open in new tab

Data breach at Auchan exposes personal information of hundreds of thousands of customers

French retailer Auchan has disclosed a data breach affecting hundreds of thousands of customers. The breach exposed personal information associated with loyalty accounts, including names, addresses, email addresses, phone numbers, and loyalty card numbers. No bank data, passwords, or PINs were compromised. The incident has been reported to the French Data Protection Authority (CNIL). The company is advising customers to be vigilant against potential phishing attacks using the stolen information. The breach follows similar incidents involving other large French entities, but no evidence suggests a coordinated campaign. This is the second data breach Auchan has disclosed over the past year.

Open in new tab