French Company Bouygues Telecom Faces Data Breach Affecting 6.4 Million Customers

Data Breach at Bouygues Telecom Affects 6.4 Million Customers

Pierluigi Paganini
August 08, 2025

Bouygues Telecom Reports Cyberattack Compromising Customer Data

Bouygues Telecom has confirmed that it experienced a significant cyberattack, resulting in the exposure of personal information of approximately 6.4 million of its customers. This French telecommunications provider, a subsidiary of the industrial conglomerate Bouygues, offers a range of services including mobile, internet, and IPTV. Established in 1994, it ranks as the third-oldest mobile operator in France, serving over 23 million clients and actively developing its 5G capabilities.

The incident was detected on August 4, when Bouygues Telecom identified unauthorized access to personal data associated with various subscriptions. In response, the company has begun notifying the affected individuals via email and text message while implementing immediate measures to mitigate the attack and bolster its cybersecurity defenses.

The breach has raised concerns about the types of data compromised, which includes contact information, contract details, and civil status data. Notably, the company assured customers that their bank card numbers and account passwords remained secure. In a statement, the firm highlighted that although IBANs were accessible, they alone cannot facilitate unauthorized transactions without further consent and emphasized the importance of monitoring for any unauthorized direct debits.

Customers are advised to exercise caution against potential fraudulent activities, such as phishing attempts masquerading as communications from Bouygues Telecom or their banking institutions. The risk of social engineering attacks is pronounced, whereby criminals may leverage the stolen data to deceive individuals into providing sensitive information or financial details. Bouygues Telecom recommends a vigilant approach, advising customers to remain skeptical of unsolicited calls, particularly those claiming to be from bank representatives.

Bouygues Telecom’s situation mirrors a recent cyber incident involving another major French telecommunications provider, Orange, which reported a cyberattack on July 25 that affected its internal systems. Orange quickly took action to isolate the compromised systems, though the aftermath resulted in service disruptions for some corporate and residential clients.

While the perpetrators behind the Orange attack have not been publicly identified, speculation suggests possible ties to advanced persistent threat (APT) groups, particularly ones associated with operations that originate from state-sponsored actors in China. Such incidents reflect an increasing trend of cyber threats faced by telecommunications companies, suggesting a broader pattern in cybersecurity challenges facing the sector.

In analyzing the Bouygues Telecom breach through the lens of the MITRE ATT&CK framework, tactics related to initial access and data exfiltration may have been employed by the attackers. Possible techniques could include exploiting vulnerabilities in the company’s network or employing social engineering methods to gain access to sensitive data.

Business owners in the telecommunications sector should view this incident as a critical reminder of the evolving landscape of cybersecurity threats, prompting a reassessment of their own vulnerability management strategies. Regularly reviewing security protocols and engaging in proactive risk assessment can be instrumental in mitigating the likelihood of similar breaches.

For ongoing updates on this story and more cybersecurity news, follow Pierluigi Paganini on Twitter and other social media channels for the latest insights into protecting business data from cyber threats.

(Source: SecurityAffairs – Bouygues Telecom Incident)


Source link