Orange Belgium announced on Wednesday that it had discovered a cyberattack at the end of July that compromised data from 850,000 customer accounts.
The Belgian subsidiary stated “no critical data was compromised: no passwords, email addresses, banking or financial details were hacked,” however it warned: “The hacker has gained access to one of our IT systems that contains the following data: name, first name, telephone number, SIM card number, PUK code, tariff plan.”
PUK (Personal Unblocking Key) codes are 8-digit security codes that allow customers to unblock their SIM cards if they enter the wrong PIN multiple times, the company advised.
The company did not immediately respond to questions about the timing of the incident’s discovery and disclosure, but in its statement it said its teams “blocked access to the affected system and strengthened our security measures” as soon as it was identified. “Orange Belgium also alerted the relevant authorities and filed an official complaint with the judicial authorities,” it added.
The attack follows its parent company Orange Group detecting a cyberattack affecting one of its internal systems on July 25. At the time, Orange Group said there was no evidence any customer data had been extracted. Orange did not say whether these incidents were related and has not updated its earlier statement. The nature of either of the attacks has not been disclosed.
The Belgian subsidiary’s affected customers are being notified by email and text message, the official statement added, and are being urged to be alert for phishing attempts on a dedicated web page.
Recorded Future
Intelligence Cloud.
Learn more.