The French arm of Telco Orange has suffered a major data breach which has seen 1.3 million customer details leaked.
According to the Register, hackers made off with subscriber names, dates of birth and phone numbers that were used for its email and SMS marketing campaigns. Orange did not disclose how the April 18th breach was executed, but the breach accounted for about 4.9 per cent of the Telco’s subscriber base.
Steve Smith, managing director of data security firm Pentura, said: “Orange has done the right things following the breaches, but it is worrying that the details of such a large number of customers were apparently unencrypted in the first place. The company has stated that the data has already been used in phishing attacks, to try and trick people into revealing further information.
“This highlights how critical it is for businesses like retailers and telecoms firms to encrypt the volumes of consumers’ personal data they hold; otherwise it’s a potential goldmine for hackers.”
Tony Caine, VP and general manager for APJ & EMEA at HP Enterprise Security Products, said: “While the attack has now been resolved, there is no telling how long the adversary had already been inside Orange’s systems. We’ve found that on average it takes 243 days for an organisation to detect a breach. The number of customers affected (one million this time; 800,000 in February) may have a significant negative knock-on effect.”
