French mobile phone and internet service provider Bouygues Telecom has detected a security breach. All customers concerned have received or will receive an email or SMS to inform them.
On August 4th, Bouygues Telecom detected that an unauthorized party had infiltrated parts of the company’s corporate IT systems and was able to access personal information of 6.4 million customer accounts.
The attackers managed to steal contact details, contractual data, civil status data, and international bank account numbers (IBANs). Bank card numbers and passwords haven’t been impacted.
The internet service provider declared that its technical teams were able to resolve the incident swiftly. To prevent a recurrence, additional security measures have been implemented. The operator has also blocked malicious access and strengthened monitoring activities.
Bouygues Telecom has informed the Commission Nationale de l’Informatique et des Libertés (CNIL), France's data protection authority, and legal authorities. According to the company, the perpetrators of this type of attack face penalties of up to five years in prison and a fine of up to €150,000.
The provider recommends that affected customers be “particularly vigilant” of any fraud attempts, such as phishing. Scammers can try to obtain additional personal information, such as bank card numbers, to commit identity fraud. Victims shouldn’t transmit their usernames or passwords, or reply to fraudulent messages.
“Cyberattacks are very frequent and spare no company, despite all existing security tools and procedures. We are constantly evolving our security procedures to cope with the constant evolution of attackers’ operating methods,” Bouygues Telecom said in a press release regarding the incident.
All affected customers have been informed about the incident or will be notified shortly.
Last year, French telecom providers SFR and Free also suffered data breaches, with tens of millions of customers’ data stolen. The attackers targeted a management tool within the companies’ IT systems, which allowed them unauthorized access to personal information.
Your email address will not be published. Required fields are markedmarked