Bouygues Telecom data breach could affect millions of customers - here's what we know

News
By published

Hackers break into French telco giant and stole customer data

Zero-day attack
(Image credit: Shutterstock) (Image credit: Shutterstock.com)
  • Unidentified hackers broke into Bouygues Telecom systems
  • The hackers stole names, contract data, and more
  • Bouygues Telecom urges victims to be wary of incoming emails

French telco giatn Bouygues Telecom has confirmed suffering a cyberattack in which it lost sensitive customer data.

In a short announcement published on its website, the company said it detected the attack on August 4, and following an investigation, determined threat actors stole people’s contact details, contract data, civil status data (or company details), and IBAN numbers.

We don’t know exactly when the intrusion happened, who did it, if it was a ransomware attack or not, or how many people were affected - but acccording to official company data, Bouygues Telecom has 26.8 million subscribers.

Phishing potential

The teleco started notifying affected individuals via SMS, ousted the attackers, and allegedly implemented additional safeguards to prevent further incursions.

“We have blocked the malicious access, increased monitoring of our systems, and implemented additional necessary security measures,” the company said.

Bank card numbers and Bouygues Telecom account passwords were not affected.

While there is still no evidence the information stolen in the attack is being abused in the wild, the very nature of the archive gives it plenty of potential.

Cybercriminals can use it to craft convincing phishing emails, impersonating the company and forcing the victims into action by threatening to terminate their account.

Knowing information such as contract data and IBAN numbers could convince the victims that they are talking to legitimate representatives of the organization.

In a short FAQ, Bouygues said it “strongly recommends” users stay vigilant, and never share their login credentials, or passwords.

“Be especially cautious of calls from fake banking advisors who may try to gain your trust by mentioning your name or account number. If in doubt, hang up and call your bank or advisor back on their usual number.”

Finally, the company stressed that the IBAN number alone is not enough to initiate financial transactions, but users should still monitor their accounts closely.

Via TechCrunch

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.