Jump to content
  • Free, France’s second largest ISP, confirms data breach after leak


    Karlston

    • 258 views
    • 3 minutes
     Share


    • 258 views
    • 3 minutes

    Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information.

     

    The company, which says it had over 22.9 million mobile and fixed subscribers at the end of June, is the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe's sixth-largest mobile operator by number of subscribers.

     

    Free has since filed a criminal complaint with the public prosecutor and notified the French National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI) of the incident.

     

    "The affected subscribers have been or will be informed by email shortly," a Free spokesperson told BleepingComputer, adding that "no operational impact was observed on our activities and services" and "all necessary measures were taken immediately to put an end to this attack and strengthen the protection of our information systems."

     

    Free added that the attack targeted a management tool that exposed subscribers' data. However, the attackers failed to access customer passwords, bank card information, and communications content (including "emails, SMS, voice messages, etc.").

     

    The data stolen in the attack is now being auctioned on BreachForums to the highest bidder, with the threat actor—known as "drussellx"—claiming that the breach impacts almost a third of France's population.

     

    Allegedly stolen Free data up for sale
    Allegedly stolen data up for sale (BleepingComputer)

    "The data breach affects 19.2 million customers and contains over 5.11 million IBAN numbers. It affects all Free Mobile and Freebox customers, and includes the IBANs of all 5.11 million Freebox subscribers," the threat actor says.

     

    They also provided an archive containing some of the allegedly stolen data, screenshots, and database headers as proof that the data being auctioned is legitimate.

     

    As further proof, the threat actor said they're also willing to let potential customers search the stolen database to ensure that "the entire database that has been recovered" is for sale.

     

    Regarding the stolen IBANs (International Bank Account Numbers), Free says the attackers could only steal those of certain fixed subscribers and that they're "not enough to make a direct debit from a bank."

     

    "If subscribers nevertheless notice an unusual direct debit, not corresponding to any date and no known invoice amount, their bank is obliged to reimburse them. They have 13 months to report the fraudulent direct debit," Free said,

     

    "We also invite them to be vigilant against phishing attempts. Never communicate your access codes or bank card whether by email, SMS or during a call."

     

    A Free spokesperson has yet to provide more information about when the incident was detected and how many customers were impacted by the breach after being contacted by BleepingComputer for more details earlier today.

     

    Source


    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every day for many years.

    2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts

     

    RIP Matrix | Farewell my friend  :sadbye:


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...