French telecom provider Orange has suffered a second data breach in less that four months, and this time the intruders made off with personal information of some 1.3 million customers (nearly 5 percent of the company’s users base).
As you might remember, the January breach resulted in the theft of personal, household and subscription information of nearly 800,000 of the company’s French customers, after the attackers managed to compromise the “My Account” page in the client area of the Orange.fr website.
This time, the hackers managed to access a software platform that the company uses to send promotional emails and text messages to its customers.
Reuters reports that the stolen information includes the customers’ name, email address, mobile and fixed line numbers, date of birth, and names of mobile and Internet operators. Fortunately, no financial information was accessed.
Nevertheless, there is always the danger that the stolen information will be used by cyber crooks to create legitimate-looking phishing emails in the attempt to extract even more useful information directly from the victims.
“Orange has done the right things following the breaches, but it is worrying that the details of such a large number of customers were apparently unencrypted in the first place,” commented Steve Smith, MD of data security firm Pentura.
“This highlights how critical it is for businesses like retailers and telecoms firms to encrypt the volumes of consumers’ personal data they hold, otherwise it’s a potential goldmine for hackers.”
More details about the hack have been witheld for the time being, and an investigation is ongoing.