Bouygues Telecom, France’s third-largest phone carrier, has confirmed a data breach which exposed personal data belonging to millions of customers across the country.
The company, which provides mobile, broadband, and digital TV services, said it discovered the breach, affecting 6.4 million of its 27 million customers, earlier this week.
It acted quickly to halt the attack and tighten its security procedures, the bank said in a statement, and is in the process of contacting those affected.
The data exposed in the breach includes contact details, contractual data, civil status data or, in the case of business customers, company data, as well as International Bank Account Numbers (IBANs).
Bouygues Telecom said bank card numbers and passwords were not affected.
“This situation could expose you to fraud attempts: fraudulent emails or calls. By using your information, a fraudster could pretend to be Bouygues Telecom or another company (bank, insurance company, etc.) and try, for example, to obtain additional information such as your credit card number or your usernames and passwords. We recommend that you be particularly vigilant,” the firm told customers.
“Never share your usernames and passwords. Be particularly wary of calls from fake bank advisors who may try to gain your trust by giving your name or account number. If in doubt, end the call and call your bank or bank advisor back at their usual number.”
While the leaked IBAN numbers aren’t enough to allow attackers to carry out transactions such as direct debits or transfers, the company is warning customers to check withdrawals and be wary of phishing attempts citing their bank and account number.
The company said it has notified France’s data protection authority, the CNIL, and national cybersecurity agency the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI).
Bouygues Telecom is the latest french telecoms company to be hit with a data breach in recent weeks. Late last month, Orange announced that it had fallen victim to a cyber attack.
In this case, personal data doesn’t appear to have been stolen, although the company was forced to warn its customers worldwide that service disruptions were likely as it worked to fix the issue.
It’s not known who was responsible, or whether the two incidents were the work of the same hackers. However, similar attacks on US phone providers have been attributed to the China-linked Salt Typhoon hacking group.
Earlier this year, ANSSI issued a warning that the telecoms sector was under what it described as an ‘intense’ threat, citing incidents including a DDoS attack on OVH and suggesting that they were the work of Chinese groups.
“Cyber attacks are very common and affect any company, despite all existing security tools and procedures. We are constantly evolving our security procedures to address the constantly evolving attackers’ methods,” said Bouygues Telecom.
“Thanks to the responsiveness of our technical teams, we were able to resolve this incident and notify our customers as quickly as possible. Protecting our customers’ data is a priority at Bouygues Telecom.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
