Orange, the major multinational telecom operator, experienced a significant data breach in July/August 2025 with impacts spanning different business units across Europe:
Orange Belgium suffered unauthorized access to one of its IT systems, which exposed personal data of about 850,000 customers. The compromised data included names, phone numbers, SIM card numbers, PUK codes, and tariff plans. Importantly, critical details such as passwords, email addresses, and banking information were not affected.
The breach was detected in late July, triggering a swift response: systems were isolated, law enforcement notified, and customers were warned to watch for phishing. Orange Belgium tightened security controls and clarified that the stolen metadata could raise risks like SIM-swap fraud, but new verification procedures have been implemented to block such attacks. Customers were notified via SMS or email and provided guidance on security best practices.
Orange France also confirmed a security incident affecting internal business systems in July 2025. While this event caused disruptions to some services, Orange states there was no evidence of customer or internal data exfiltration as of their latest update. Orange immediately launched incident response procedures and filed complaints with relevant authorities.
Dark Web Data Leak: Despite early denials of data exfiltration, cybercriminal group “Warlock” was reported to have stolen business customer data from Orange and leaked approximately 4GB of it onto the dark web in mid-August 2025. The leaked data is believed to pertain primarily to business customers, yet details remain under investigation.
Orange Romania: In a separate breach in February 2025, Orange Romania experienced a leak of data for over 550,000 accounts, including email addresses, subscription details, phone numbers, and some partial payment card information. This breach was not directly linked to the Belgium or France incidents but signals a broader pattern of targeting telecommunications operators in Europe.
Type of Data Exposed
The stolen data included
- Full names
- Mobile phone numbers
- SIM card numbers
- PUK codes (used to unlock SIM cards)
- Tariff plan information
Importantly, no passwords, email addresses, or banking/credit card data were compromised in this breach
Summary:
The Orange data breach in July 2025 is among the most impactful telecom incidents in Europe this year, affecting hundreds of thousands of customers and involving both service disruption and dark web leaks. While no passwords or financial data were exposed in the Belgium incident, the available metadata is valuable for SIM swap and phishing attacks, prompting urgent defensive actions by Orange and advisories for customer vigilance.
