Orange stressed that sensitive data such as passwords, banking details, and email addresses were not affected
In sum – what to know:
Large-scale breach, limited data exposed – Hackers accessed information tied to 850,000 Orange Belgium customers, including names, numbers, SIM and PUK codes, but not passwords, banking, or email details.
Part of broader telecom security wave – The incident follows a July cyberattack on Orange Group and comes amid recent breaches at Telefónica in Peru and major U.S. carriers targeted by Chinese hackers.
Orange Belgium said Wednesday it had uncovered a cyberattack at the end of July that exposed information from about 850,000 customer accounts.
The operator stressed that sensitive data such as passwords, banking details, and email addresses were not affected. Instead, the compromised system contained customer names, phone numbers, SIM card and PUK codes, and tariff plans. PUK (Personal Unblocking Key) codes are eight-digit security codes used to unlock SIM cards after repeated incorrect PIN entries.
Orange Belgium said it quickly cut off access to the affected system and reinforced its defenses once the breach was detected. Authorities have been notified, and the company has filed an official complaint with judicial officials. The operator is also contacting affected customers by email and text, warning them to be cautious of phishing attempts and directing them to a dedicated information page.
The announcement comes less than a month after Orange Group, the Belgian carrier’s parent company, disclosed a separate cyberattack against one of its internal systems on July 25. At the time, the French telecom giant reported no evidence of customer data being stolen. Orange has not clarified whether the two incidents are connected or provided further details about the nature of the attacks.
The incident comes amid a wave of cyberattacks on telecom companies worldwide. In July, Telefónica launched an investigation after hackers published data allegedly tied to one million former customers in Peru, with the group “Dedale” claiming responsibility. In the U.S., carriers including Verizon, AT&T, and Lumen were recently infiltrated by Chinese hackers known as Salt Typhoon, who reportedly sought information on government wiretaps. That breach prompted the Federal Communications Commission to tighten scrutiny of telecom network security.
“The cybersecurity of our nation’s communications critical infrastructure is essential to promoting national security, public safety, and economic security,” said FCC Chairwoman Jessica Rosenworcel. “As technology continues to advance, so does the capabilities of adversaries.”
