Bouygues Telecom Security Breach: Data of 6.4M Customers Exposed
Bouygues Telecom recently disclosed a security breach that unveiled the personal and financial details of 6.4 million customers. The compromised data encompassed names, contact information, subscription details, and IBANs, with passwords and credit card data unaffected.
The breach was identified on August 4 by the internal security team, which swiftly secured access and initiated an inquiry. Bouygues ensured that its mobile, broadband, and IPTV services operated smoothly despite the incident, focusing on maintaining customer-facing operations.
Affected customers are being informed via email and SMS, with a caution against potential fraudulent activities like misleading calls, messages, or emails. The firm warned of potential scams leveraging compromised information for impersonation attempts.
Though IBANs by themselves do not enable direct money withdrawals, when combined with other data, they can fuel social engineering tactics. Scammers may exploit such data to coerce individuals into revealing login credentials or authorizing transactions.
The undisclosed attacker obtained access to a selective dataset comprising customer contacts, civil statuses, and subscription history.
Legal procedures were initiated by the company, involving law enforcement bodies and data protection entities like CNIL and ANSSI in France. Per French law, the perpetrator could face a maximum penalty of €150,000 and up to five years of imprisonment.
CNIL and ANSSI supervise responses to breaches and broader cybersecurity issues, emphasizing proactive data protection measures, rapid responses, and effective communication with affected parties.
Bouygues Telecom, a major French telco operator with over 14 million mobile subscribers, competes with industry peers like Orange and SFR, managing a substantial cellular infrastructure nationwide.
No specifics were provided by Bouygues on the breach’s origin or culprits, although internal teams promptly thwarted the breach. Concerns escalated following a similar cyberattack on Orange France, prompting fears of targeted assaults on French telecom firms.
