Orange, the French telecommunications giant, has confirmed a ransomware attack that exposed the records of 20 enterprise customers. The announcement was made after the actors behind the Nefilim ransomware leaked a snippet of exfiltrated data from Orange’s Business Solutions customer database.
The 339MB file titled ‘Orange_leak_part1.rar’ is said to contain data stolen during the cyber-attack. Researchers analyzing the files told BleepingComputer that the archive consists of emails, airplane schematics, and files from a French aircraft manufacturer, data that could indicate the company is one of Orange’s business customers.
According to a company statement, the attack took place between July 4 and July 5, and involved data hosted on one of the mobile carriers’ IT platforms. “A cryptovirus-type computer attack was detected by Orange teams during the night of Saturday 04 July to Sunday 05 July 2020,” the report said. “Orange teams were immediately mobilized to identify the origin of this attack and has put in place all necessary solutions required to ensure the security of our systems. According to initial analysis by security experts, this attack has concerned data hosted on one of our Neocles IT platforms, “Le Forfaitinformatique,” and no other service has been affected. However, this attack seems to have allowed hackers to access the data of around 20 PRO / SME customers hosted on the platform.”
The company said it has informed affected customers, and will continue to monitor and investigate the breach.
Details regarding the ransom demands have not surfaced yet, but recent ransomware attacks have made a profitable business for bad actors. Just last month, the University of California San Francisco (UCSF) succumbed to the demands of the attackers, paying no less than $1.14 million to recover their data.
Orange is ranked the fourth-largest mobile operator in Europe, boasting more that 266 million customers and nearly 150,000 employees. The aftermath of the data breach could have serious consequences for the telecoms company, especially with the European privacy watchdog knocking at their doorstep. However, it’s not just about the prospect of a hefty fine they should be worried about.
Data safety and privacy have been the talk of the town for years, and companies that fail to protect their users’ data often risk damaging their reputation and losing customers.