It is disturbing that Orange France has fallen victim to another cyber-attack so soon after the very successful attack in February with nearly 5% of their subscriber base compromised equaling well over a million of their customers.  The latest breach discovered April 18th comes just three months after Orange fell victim to another cyber-attack in February when emails address, the passwords, the phone numbers and addresses of 800,000 subscribers was stolen from its customer website.  The missing data could be used to contact affected people by email, through text messages or by phone in order to get access to even more sensitive information such as passwords and bank card details. Orange has also stated that the stolen passwords cannot be used which alludes to a form of encryption being placed on the data. Orange states that this figure represents three per cent of the company's user base in France and has confirmed that passwords were also stolen.

Fortunately no payment information or credit card numbers were stolen but Orange has warned its French customers to beware of phishing attempts. The operator has warned that the information stolen could be used in phishing attacks on customers whose details were compromised. Although no bank card and payment information went missing, the double breach is quite embarrassing for the French company. The hackers were able to get in via a marketing platform which Orange uses to send promotional emails and text messages to opt-in users. The company declined to provide further information on how the attack was carried out on the grounds that it is taking legal action on the matter.

The company did not rush to announce the breach in order to analyze the scale of the snatched data and work on the security gaps that allowed the information to be stolen.   Angry customers went to the telco's Facebook page and showed their anger over the said breach by describing the receipt of phishing emails that announced bounced invoice payments.

Orange only recently conducted a survey which found that consumers are becoming increasingly concerned.  Customer concerns are about the data being stored about them by third-party organizations such as communications service providers, the handset manufacturers and social media networks. Orange France stated that they did not ask for bank details on SMS or email; though, it was not clear if the phishing was related to the said breach.   Most phishing sites are ‘live’ for just a few hours and the phishing attack is often indistinguishable from genuine communications and requests. That is why it is vital that Orange France customers are made aware of any threat to them immediately.

Cyber theft of personal details from companies around the world is a growing concern and one piece of general advice for consumers is to not to click on suspicious looking links in email.  Indeed that is Orange's advice to its French customers. The data breach problems highlight the constant struggle that operators face to keep their customers' data secure a struggle which will be discussed at the upcoming Mobile Network Security Strategies conference in London. It is advisable that Orange customers in France should change their passwords regardless and be on a close lookout for erroneous emails or other phishing scams related to the stolen data.