French telecom Orange breach claimed by hackers: researchers reviewed the provided data sample

March 2025 by Babuk ransomware

Babuk ransomware, a cybercrime ring that targets major enterprises, has posted unverified claims about a massive data breach at Orange, a major telecom. Cybernews researchers who reviewed the provided sample believe the claims might be credible.

"The leaked data presents serious risks to both employees and the organization, exposing sensitive personal and corporate information that could lead to identity theft, targeted attacks, and further exploitation by malicious actors," said Neringa Macijauskaitė, Information Security Researcher at Cybernews.

The data sample suggests the claims might be credible

The provided data sample suggests that claims about a potential breach at Orange might be credible, according to the Cybernews research team that reviewed the sample.

The threat actor uploaded a 6.44GB Orange data sample with thousands of Orange internal documents. Some files include employee data, like names, usernames, email addresses, and time zones, as well as a list of various Jira projects related to the Orange.ro domain. Jira is project management software for tracking and managing tasks, bugs, and other work-related issues.

One folder called "issues" contains 235 files detailing tasks related to system configuration, monitoring setup, user management, and feature development, among others.

It also contains a file named "pii_extracted" with email addresses from orange.com, tremend.com/ro, and publicissapien.com domains, along with some phone numbers.

Another folder called "Files" contains around 8,600 internal documents.

The filenames suggest sensitive content, including customer conversations, financial data such as balances, invoices, and conversion rates, and other employee and client information.